diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
| commit | 3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch) | |
| tree | 7c0f5dcc658ebd75d758024a21097af95d616e05 /src/plugins | |
| parent | 70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff) | |
| download | krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.gz krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.xz krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.zip | |
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/kdb/db2/adb_openclose.c | 4 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 5 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/btree/Makefile.in | 85 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/btree/bt_open.c | 1 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/db/Makefile.in | 6 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/hash/Makefile.in | 61 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/mpool/Makefile.in | 7 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/recno/Makefile.in | 55 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/libdb2/recno/rec_open.c | 5 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/Makefile.in | 8 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c | 8 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/Makefile.in | 132 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c | 1 | ||||
| -rw-r--r-- | src/plugins/locate/python/py-locate.c | 3 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 1 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_lib.c | 2 |
16 files changed, 198 insertions, 186 deletions
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c index ce963e0da..453c73b02 100644 --- a/src/plugins/kdb/db2/adb_openclose.c +++ b/src/plugins/kdb/db2/adb_openclose.c @@ -209,6 +209,7 @@ krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, return OSA_ADB_NOLOCKFILE; } } + set_cloexec_file(lockp->lockinfo.lockfile); lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0; } @@ -353,6 +354,9 @@ krb5_error_code osa_adb_release_lock(osa_adb_db_t db) /* now we need to create the file since it does not exist */ fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL, 0600); + if (fd < 0) + return OSA_ADB_NOLOCKFILE; + set_cloexec_fd(fd); if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL) return OSA_ADB_NOLOCKFILE; } else if ((ret = krb5_lock_file(db->lock->context, diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index bce659751..eda5274d9 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -1,7 +1,7 @@ /* * lib/kdb/kdb_db2.c * - * Copyright 1997,2006 by the Massachusetts Institute of Technology. + * Copyright 1997,2006,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -332,6 +332,7 @@ krb5_db2_db_init(krb5_context context) goto err_out; } } + set_cloexec_fd(db_ctx->db_lf_file); db_ctx->db_inited++; if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time))) @@ -754,6 +755,7 @@ destroy_file_suffix(char *dbname, char *suffix) free(filename); return errno; } + set_cloexec_fd(fd); /* fstat() will probably not fail unless using a remote filesystem * (which is inappropriate for the kerberos database) so this check * is mostly paranoia. */ @@ -1719,6 +1721,7 @@ krb5_db2_db_rename(context, from, to) retval = errno; goto errout; } + set_cloexec_fd(db_ctx->db_lf_file); db_ctx->db_inited = 1; diff --git a/src/plugins/kdb/db2/libdb2/btree/Makefile.in b/src/plugins/kdb/db2/libdb2/btree/Makefile.in index 4372fac0e..6c3444814 100644 --- a/src/plugins/kdb/db2/libdb2/btree/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/btree/Makefile.in @@ -21,75 +21,68 @@ clean-unix:: clean-libobjs # the Makefile.in file # bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h +bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_close.c btree.h extern.h -bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + bt_conv.c btree.h extern.h +bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_conv.c btree.h extern.h -bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h +bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h +bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_debug.c btree.h extern.h -bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + bt_get.c btree.h extern.h +bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_delete.c btree.h extern.h -bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_get.c btree.h extern.h -bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(srcdir)/../include/config.h \ + bt_open.c btree.h extern.h +bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_open.c btree.h extern.h -bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h +bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_overflow.c btree.h extern.h -bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_page.c btree.h extern.h + bt_page.c btree.h extern.h bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_put.c btree.h extern.h -bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_search.c btree.h extern.h -bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + bt_put.c btree.h extern.h +bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_seq.c btree.h extern.h -bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h +bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_split.c btree.h extern.h + bt_seq.c btree.h extern.h +bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_utils.c btree.h extern.h + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c index a18eef2cf..0f848d8ad 100644 --- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c +++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c @@ -425,6 +425,7 @@ tmp() #endif if ((fd = mkstemp(path)) != -1) (void)unlink(path); + set_cloexec_fd(fd); #ifdef SIG_BLOCK (void)sigprocmask(SIG_SETMASK, &oset, NULL); #else diff --git a/src/plugins/kdb/db2/libdb2/db/Makefile.in b/src/plugins/kdb/db2/libdb2/db/Makefile.in index aaa021fb1..7c5d2b582 100644 --- a/src/plugins/kdb/db2/libdb2/db/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/db/Makefile.in @@ -18,6 +18,6 @@ SRCS= $(STLIBOBJS:.o=.c) # the Makefile.in file # db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db.h db.c + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ + db.c diff --git a/src/plugins/kdb/db2/libdb2/hash/Makefile.in b/src/plugins/kdb/db2/libdb2/hash/Makefile.in index 9dced606e..12b2a471e 100644 --- a/src/plugins/kdb/db2/libdb2/hash/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/hash/Makefile.in @@ -20,44 +20,43 @@ SRCS= $(STLIBOBJS:.o=.c) # the Makefile.in file # hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.c hash.h page.h -hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.h hash_bigkey.c page.h + extern.h hash.c hash.h page.h +hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \ + page.h hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \ hash_debug.c hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.h hash_func.c page.h + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \ + page.h hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.h hash_log2.c page.h + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \ + page.h hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.h hash_page.c page.h -hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db.h hsearch.c search.h + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \ + page.h +hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ + hsearch.c search.h dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(BUILDTOP)/include/db-ndbm.h \ - $(BUILDTOP)/include/db.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-dbm.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - dbm.c hash.h + $(BUILDTOP)/include/db-ndbm.h $(BUILDTOP)/include/db.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-dbm.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h dbm.c hash.h diff --git a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in index 2e1d7d60d..e33402f49 100644 --- a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in @@ -18,7 +18,6 @@ SRCS= $(STLIBOBJS:.o=.c) # the Makefile.in file # mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - mpool.c mpool.h + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h mpool.c mpool.h diff --git a/src/plugins/kdb/db2/libdb2/recno/Makefile.in b/src/plugins/kdb/db2/libdb2/recno/Makefile.in index a31235c7b..ddfbf0157 100644 --- a/src/plugins/kdb/db2/libdb2/recno/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/recno/Makefile.in @@ -20,55 +20,50 @@ SRCS= $(STLIBOBJS:.o=.c) # the Makefile.in file # rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_close.c recno.h + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ - $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_delete.c recno.h -rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_get.c recno.h -rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h +rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_open.c recno.h -rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ + extern.h rec_get.c recno.h +rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_put.c recno.h -rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h +rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_search.c recno.h -rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-config.h $(srcdir)/../btree/btree.h \ + extern.h rec_put.c recno.h +rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_seq.c recno.h -rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/db-config.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h +rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_utils.c recno.h + extern.h rec_seq.c recno.h +rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c index f18a1cb02..cb971ed3d 100644 --- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c +++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c @@ -71,6 +71,11 @@ __rec_open(fname, flags, mode, openinfo, dflags) if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0) return (NULL); + if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { + close(rfd); + return NULL; + } + /* Create a btree in memory (backed by disk). */ dbp = NULL; if (openinfo) { diff --git a/src/plugins/kdb/ldap/Makefile.in b/src/plugins/kdb/ldap/Makefile.in index 323d4a568..88ca2d91b 100644 --- a/src/plugins/kdb/ldap/Makefile.in +++ b/src/plugins/kdb/ldap/Makefile.in @@ -53,10 +53,10 @@ clean-unix:: clean-libs clean-libobjs ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ $(srcdir)/libkdb_ldap/kdb_ldap.h $(srcdir)/libkdb_ldap/ldap_krbcontainer.h \ diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c index 9af978a10..f892e9659 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c @@ -1094,6 +1094,7 @@ rem_service_entry_from_file(argc, argv, file_name, service_object) com_err(me, errno, "while deleting entry from file %s", file_name); goto cleanup; } + set_cloexec_file(pfile); /* Create a new file with the extension .tmp */ tmp_file = (char *)malloc(strlen(file_name) + 4 + 1); @@ -1775,6 +1776,7 @@ kdb5_ldap_set_service_password(argc, argv) com_err(me, errno, "Failed to open file %s", file_name); goto cleanup; } + set_cloexec_file(pfile); while (fgets(line, MAX_LEN, pfile) != NULL) { if ((str = strstr(line, service_object)) != NULL) { @@ -1818,7 +1820,7 @@ kdb5_ldap_set_service_password(argc, argv) com_err(me, errno, "Error creating file %s", tmp_file); goto cleanup; } - + set_cloexec_file(newfile); fseek(pfile, 0, SEEK_SET); while (fgets(line, MAX_LEN, pfile) != NULL) { @@ -2033,7 +2035,7 @@ done: } memset(passwd, 0, passwd_len); - /* TODO: file lock for the service passowrd file */ + /* TODO: file lock for the service password file */ /* set password in the file */ old_mode = umask(0177); @@ -2043,6 +2045,7 @@ done: strerror (errno)); goto cleanup; } + set_cloexec_file(pfile); rewind (pfile); umask(old_mode); @@ -2095,6 +2098,7 @@ done: fclose(pfile); goto cleanup; } + set_cloexec_file(newfile); fseek(pfile, 0, SEEK_SET); while (fgets(line, MAX_LEN, pfile) != NULL) { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in index a0a69ef23..b9b242591 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in +++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in @@ -100,9 +100,10 @@ kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.c kdb_ldap.h ldap_err.h ldap_krbcontainer.h \ @@ -110,10 +111,10 @@ kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \ kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h kdb_ldap_conn.c ldap_handle.h ldap_krbcontainer.h \ @@ -122,10 +123,10 @@ kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \ ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -134,10 +135,10 @@ ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \ ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_create.c ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -146,10 +147,10 @@ ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \ ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.c \ @@ -164,10 +165,10 @@ ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -184,9 +185,10 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -196,10 +198,10 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \ ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -214,10 +216,10 @@ ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -226,10 +228,10 @@ ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \ ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_handle.c ldap_handle.h ldap_krbcontainer.h \ @@ -237,10 +239,10 @@ ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \ ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -249,10 +251,10 @@ ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \ ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -261,10 +263,10 @@ ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \ ldap_service_rights.so ldap_service_rights.po $(OUTPRE)ldap_service_rights.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ @@ -281,9 +283,10 @@ princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_krbcontainer.h ldap_principal.h ldap_realm.h \ @@ -291,10 +294,10 @@ princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \ ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_fetch_mkey.c ldap_handle.h ldap_krbcontainer.h \ @@ -302,10 +305,10 @@ ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \ ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ kdb_ldap.h ldap_handle.h ldap_krbcontainer.h ldap_main.h \ @@ -314,9 +317,10 @@ ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c index 4991e98be..f95105678 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c @@ -77,6 +77,7 @@ krb5_ldap_readpassword(context, ldap_context, password) krb5_set_error_message (context, st, "%s", errbuf); goto rp_exit; } + set_cloexec_file(fptr); /* get the record from the file */ while (fgets(line, RECORDLEN, fptr)!= NULL) { diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c index 4f840fcc5..4e9961265 100644 --- a/src/plugins/locate/python/py-locate.c +++ b/src/plugins/locate/python/py-locate.c @@ -1,7 +1,7 @@ /* * plugins/locate/python/py-locate.c * - * Copyright 2006 Massachusetts Institute of Technology. + * Copyright 2006, 2007 Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -104,6 +104,7 @@ my_init (void) SCRIPT_PATH, strerror(errno)); return -1; } + set_cloexec_file(f); PyRun_SimpleFile (f, SCRIPT_PATH); fclose(f); mainmodule = PyModule_GetDict(PyImport_AddModule("__main__")); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 1859b4f1a..e7e04d8ee 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -3736,6 +3736,7 @@ pkinit_get_certs_pkcs12(krb5_context context, idopts->cert_filename, errno); goto cleanup; } + set_cloexec_file(fp); p12 = d2i_PKCS12_fp(fp, NULL); fclose(fp); diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c index f49ef5ebf..046e3e264 100644 --- a/src/plugins/preauth/pkinit/pkinit_lib.c +++ b/src/plugins/preauth/pkinit/pkinit_lib.c @@ -470,6 +470,8 @@ print_buffer_bin(unsigned char *buf, unsigned int len, char *filename) if ((f = fopen(filename, "w")) == NULL) return; + set_cloexec_file(f); + for (i = 0; i < len; i++) fputc(buf[i], f); |