From 4b7c8ee5368285ccdcafe4bbd840e7ba5eb06453 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Tue, 20 Jun 2000 04:13:40 +0000 Subject: [PATCH] use libisc fsaccess to make private key file accessible only to owner --- lib/dns/sec/dst/dst_parse.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/dns/sec/dst/dst_parse.c b/lib/dns/sec/dst/dst_parse.c index 6baad83dc0..2ad12bf1a0 100644 --- a/lib/dns/sec/dst/dst_parse.c +++ b/lib/dns/sec/dst/dst_parse.c @@ -19,21 +19,19 @@ /* * Principal Author: Brian Wellington - * $Id: dst_parse.c,v 1.21 2000/06/09 20:58:34 gson Exp $ + * $Id: dst_parse.c,v 1.22 2000/06/20 04:13:40 tale Exp $ */ #include #include #include +#include #include #include #include #include -/* XXXBEW For chmod. This should be removed. */ -#include - #include "dst_internal.h" #include "dst_parse.h" #include "dst/result.h" @@ -344,6 +342,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, char filename[ISC_DIR_NAMEMAX]; char buffer[MAXFIELDSIZE * 2]; isc_buffer_t b; + isc_fsaccess_t access; REQUIRE(priv != NULL); @@ -358,9 +357,13 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, if ((fp = fopen(filename, "w")) == NULL) return (DST_R_WRITEERROR); - /* XXXBEW This won't exist on non-unix systems. Hmmm.... */ - chmod(filename, 0600); + access = 0; + isc_fsaccess_add(ISC_FSACCESS_OWNER, + ISC_FSACCESS_READ | ISC_FSACCESS_WRITE, + &access); + (void)isc_fsaccess_set(filename, access); + /* XXXDCL return value should be checked for full filesystem */ fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, MAJOR_VERSION, MINOR_VERSION);
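Review bot: The result of `isc_fsaccess_set()` is discarded with a `(void)` cast in the third hunk (in `dst__privstruct_writefile`), so if restricting access fails, the private key is still written to a file with whatever permissions `fopen(filename, "w")` left on it. The call should fail closed instead: `if (isc_fsaccess_set(filename, access) != ISC_R_SUCCESS) { fclose(fp); return (DST_R_WRITEERROR); }`. Separately, the file is created (or truncated, keeping its previous mode) before access is narrowed, and the narrowing is applied by path rather than to the open stream. Another local process that can reach the directory could therefore open the file in that window and keep its handle while the key material is written; creating the file with owner-only access from the start would close the gap. The function body begins and continues outside the hunk, so later error paths are not visible here.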