From d238b5e578d3c398c4925cd4689a3d6d8c21f4b1 Mon Sep 17 00:00:00 2001
From: Nikolay Volf
Date: Thu, 28 Apr 2016 17:59:40 +0300
Subject: [PATCH] updating key files permissions on save (#1010)

* chmod when saving keyfile content
* to func
* returning error upstream instead of panic
---
 util/src/keys/directory.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/util/src/keys/directory.rs b/util/src/keys/directory.rs
index 082a7f427..cc9ea37af 100644
--- a/util/src/keys/directory.rs
+++ b/util/src/keys/directory.rs
@@ -465,6 +465,14 @@ pub struct KeyDirectory {
 cache_usage: RwLock>,
 }

+fn restrict_permissions_owner(file_path: &Path) -> Result<(), i32> {
+ let cstr = ::std::ffi::CString::new(file_path.to_str().unwrap()).unwrap();
+ match unsafe { ::libc::chmod(cstr.as_ptr(), ::libc::S_IWUSR | ::libc::S_IRUSR) } {
+ 0 => Ok(()),
+ x => Err(x),
+ }
+}
+
 impl KeyDirectory {
 /// Initializes new cache directory context with a given `path`
 pub fn new(path: &Path) -> KeyDirectory {
@@ -484,6 +492,11 @@ impl KeyDirectory {
 let json_bytes = json_text.into_bytes();
 try!(file.write(&json_bytes));
 }
+ if let Err(error_code) = restrict_permissions_owner(self.key_path(&key_file.id).as_path()) {
+ fs::remove_file(self.key_path(&key_file.id)).unwrap();
+ warn!(target: "sstore", "fatal: failed to modify permissions of the file (chmod: {})", error_code);
+ return Err(::std::io::Error::last_os_error());
+ }
 let mut cache = self.cache.write().unwrap();
 let id = key_file.id.clone();
 cache.insert(id.clone(), key_file);
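Review bot: `restrict_permissions_owner` can still panic and discards the reason for a failure. `file_path.to_str().unwrap()` aborts on a non-UTF-8 path and `CString::new(..).unwrap()` on an interior NUL, and because `chmod` signals failure with -1 the `Err(x)` arm always carries -1 rather than errno, so the `(chmod: {})` log line in the second hunk says nothing useful. The standard library does the same job without `unsafe` or the string round-trip: change the return type to `::std::io::Result<()>`, add `use std::os::unix::fs::PermissionsExt;` and make the body `fs::set_permissions(file_path, fs::Permissions::from_mode(0o600))`. The caller can then return that error as-is, and a one-line doc comment such as `/// Restricts the file to owner read/write (0600).` would record the intended mode.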
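Review bot: The key file is fully written before `restrict_permissions_owner` runs, so between `file.write` and the chmod the key material sits on disk with whatever mode the file was created with. The creation call is outside this hunk, but if it relies on default permissions the mode should be fixed when the file is opened, e.g. `OpenOptions::new().write(true).create(true).mode(0o600)` via `std::os::unix::fs::OpenOptionsExt`, keeping the chmod only to tighten files that already exist. In the failure branch `fs::remove_file(..).unwrap()` brings back the panic this commit set out to remove and, when removal fails, leaves the key behind with the wider mode. `::std::io::Error::last_os_error()` is read only after `remove_file` and `warn!` have run, so the errno it reports may no longer be the one from chmod; capture the error before the cleanup and return that value. The save method's body starts and ends outside the hunk.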