diff -ur globus_gsi_credential-1.9.orig/library/globus_gsi_credential.c globus_gsi_credential-1.9/library/globus_gsi_credential.c
--- globus_gsi_credential-1.9.orig/library/globus_gsi_credential.c 2006-07-31 20:21:42.000000000 +0200
+++ globus_gsi_credential-1.9/library/globus_gsi_credential.c 2006-11-21 23:52:15.000000000 +0100
@@ -15,8 +15,8 @@
 * @author Sam Lang, Sam Meder
 *
 * $RCSfile: globus_gsi_credential.c,v $
- * $Revision: 1.36.4.1 $
- * $Date: 2006/07/31 18:21:42 $
+ * $Revision: 1.36.4.2 $
+ * $Date: 2006/10/03 23:13:32 $
 */
 #endif
@@ -1590,12 +1590,20 @@
 {
 globus_result_t result = GLOBUS_SUCCESS;
 BIO * proxy_bio = NULL;
+ mode_t oldmask;
+ FILE * temp_proxy_fp = NULL;
+ int temp_proxy_fd = -1;
 static char * _function_name_ = "globus_gsi_cred_write_proxy";
 GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+ /*
+ * For systems that does not support a third (mode) argument in open()
+ */
+ oldmask = globus_libc_umask(0077);
+
 if(handle == NULL)
 {
 GLOBUS_GSI_CRED_ERROR_RESULT(
@@ -1605,8 +1613,22 @@
 goto exit;
 }
- result = GLOBUS_GSI_SYSCONFIG_SET_KEY_PERMISSIONS(proxy_filename);
- if(result != GLOBUS_SUCCESS)
+ /*
+ * We always unlink the file first; it is the only way to be
+ * certain that the file we open has never in its entire lifetime
+ * had the world-readable bit set.
+ */
+ unlink(proxy_filename);
+
+ /*
+ * Now, we must open w/ O_EXCL to make certain that WE are
+ * creating the file, so we know that the file was BORN w/ mode 0600.
+ * As a bonus, O_EXCL flag will cause a failure in the presence
+ * of a symlink, so we are safe from zaping a file due to the
+ * presence of a symlink.
+ */
+ if ((temp_proxy_fd = globus_libc_open(
+ proxy_filename, O_WRONLY|O_EXCL|O_CREAT, S_IRUSR|S_IWUSR)) < 0)
 {
 GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
 result,
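Review bot: `globus_libc_umask(0077)` changes process-wide state, so between this call and the restore at `exit:` every file created by any other thread of the process is also created with the 0077 mask applied; in a library that is a side effect callers should be told about. The comment above the call explains why the mask is needed but not its scope, so I would extend it: `/* umask is process-global: files created by other threads while this runs inherit the 0077 mask until exit: restores oldmask */`. The restore sits in the later `exit:` hunk, which also covers the early `handle == NULL` exit because the mask is set before that check. globus_gsi_cred_write_proxy's signature is above the hunk.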
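Review bot: The failure branch keeps the `GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(result, ...` form that the removed `SET_KEY_PERMISSIONS` check used, but at this point `result` is still `GLOBUS_SUCCESS` — there is no upstream error to chain — and the `errno` from the failed `globus_libc_open()` is not captured, so the reported error cannot say why the create failed (EEXIST from `O_EXCL` versus a permission problem, for instance). I would save it right after the call, `int save_errno = errno;`, and report it with an errno-carrying result rather than chaining a success, if this module has such a macro. The ignored `unlink()` return is acceptable here because anything left behind makes the `O_EXCL` open fail, but a one-line comment saying so would help: `/* unlink failure (e.g. ENOENT) is fine: O_EXCL below rejects anything still present */`. The rest of the error macro and the function continue past the hunk.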
@@ -1614,15 +1636,35 @@
 goto exit;
 }
- if(!(proxy_bio = BIO_new_file(proxy_filename, "w")))
+ /* Finally, we have a safe fd. Make it a stream like ssl wants. */
+ temp_proxy_fp = fdopen(temp_proxy_fd,"w");
+
+ /* Hand the stream over to ssl */
+ if( !(temp_proxy_fp) ||
+ !(proxy_bio = BIO_new_fp(temp_proxy_fp, BIO_CLOSE)))
 {
 GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
 result,
 GLOBUS_GSI_CRED_ERROR_WRITING_PROXY_CRED,
 (_GCRSL("Can't open bio stream for writing to file: %s"),
 proxy_filename));
+ if ( temp_proxy_fp )
+ {
+ fclose(temp_proxy_fp);
+ }
+ else if (temp_proxy_fd >= 0 )
+ {
+ /* close underlying fd if we do not have a stream */
+ close(temp_proxy_fd);
+ }
+
 goto exit;
 }
+ /*
+ * Note: at this point, calling BIO_free(proxy_bio) will
+ * fclose the temp_proxy_fp, which in turn should close temp_proxy_fd.
+ */
+
 result = globus_gsi_cred_write(handle, proxy_bio);
 if(result != GLOBUS_SUCCESS)
 {
@@ -1649,6 +1691,7 @@
 exit:
+ globus_libc_umask(oldmask);
 GLOBUS_I_GSI_CRED_DEBUG_EXIT;
 return result;
 }
diff -ur globus_gsi_credential-1.9.orig/library/globus_gsi_cred_handle.c globus_gsi_credential-1.9/library/globus_gsi_cred_handle.c
--- globus_gsi_credential-1.9.orig/library/globus_gsi_cred_handle.c 2006-02-27 18:19:10.000000000 +0100
+++ globus_gsi_credential-1.9/library/globus_gsi_cred_handle.c 2006-11-21 23:52:15.000000000 +0100
@@ -15,8 +15,8 @@
 * @author Sam Lang, Sam Meder
 *
 * $RCSfile: globus_gsi_cred_handle.c,v $
- * $Revision: 1.28.4.3 $
- * $Date: 2006/02/27 17:19:10 $
+ * $Revision: 1.28.4.3.2.2 $
+ * $Date: 2006/11/07 00:37:46 $
 */
 #endif
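Review bot: A failed `fdopen()` is reported through `GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT`, which by its name draws on the OpenSSL error queue; `fdopen` is libc and sets `errno`, so on that path the result would carry the message but no cause, and `errno` may be clobbered by the macro's own work before anyone reads it. I would test the two calls separately: `if (!(temp_proxy_fp = fdopen(temp_proxy_fd, "w")))` with an errno-based result and the `close(temp_proxy_fd)` cleanup, then keep the OpenSSL macro for the `BIO_new_fp` failure with `fclose`. The cleanup as written is sound: with `BIO_CLOSE` the BIO owns the FILE, and on the pre-BIO failure paths the fd is closed exactly once. The `BIO_free(proxy_bio)` that the new comment refers to lies outside the hunk, so I could not confirm it runs on the write-failure path too.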
@@ -1721,7 +1721,18 @@
 store_context,
 callback_data_index,
 (void *)callback_data);
-
+
+ /*
+ * If this is not set, OpenSSL-0.9.8 (check_chain_extensions()
+ * called by x509_verify_cert()) treats the cert next to proxy
+ * in the chain to be CA cert and throws invalid CA error
+ */
+
+ #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
+ X509_STORE_CTX_set_flags(
+ store_context, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ #endif
+
 if(!X509_verify_cert(store_context))
 {
 globus_result_t callback_error;
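Review bot: The `#if`/`#endif` pair is indented along with the code; preprocessor directives are conventionally written at column 0, and some older compilers require the `#` in the first column, so `#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)` and `#endif` should start the line. The comment names `x509_verify_cert()` while the call two lines below is `X509_verify_cert()`; the comment should match the real name. Enabling `X509_V_FLAG_ALLOW_PROXY_CERTS` makes OpenSSL accept proxy certificates in the chain, and from the hunk alone I cannot see where the proxy-specific policy and path-length checks are enforced, so a sentence in the comment pointing at the verify callback that performs them would help the next reader. The enclosing function starts before the hunk.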