prosodyctl: Set stricter umask while generating key (thanks darkrain)

author: Kim Alvefur <zash@zash.se> 2012-09-19 23:26:38 +0200
committer: Kim Alvefur <zash@zash.se> 2012-09-19 23:26:38 +0200
commit: 1c8f6fd030903f6caefaf62ce66cafae0d583f5c (patch)
tree: 1aa77d9fad3655abd5011a1ccb34bd12511db7e6 /prosodyctl
parent: 0eddd6a92fa874fb2c705c8b8a9e4a0d48840c82 (diff)
download: prosody-1c8f6fd030903f6caefaf62ce66cafae0d583f5c.tar.gz
prosody-1c8f6fd030903f6caefaf62ce66cafae0d583f5c.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/prosodyctl b/prosodyctl
index f44dc4f8..519b3efd 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -687,11 +687,13 @@ function cert_commands.key(arg)
 		if ask_overwrite(key_filename) then
 			return nil, key_filename;
 		end
-		os.remove(key_filename); -- We chmod this file to not have write permissions
+		os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 		local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+		local old_umask = pposix.umask("0377");
 		if openssl.genrsa{out=key_filename, key_size} then
 			os.execute(("chmod 400 '%s'"):format(key_filename));
 			show_message("Key written to ".. key_filename);
+			pposix.umask(old_umask);
 			return nil, key_filename;
 		end
 		show_message("There was a problem, see OpenSSL output");
author	Kim Alvefur <zash@zash.se>	2012-09-19 23:26:38 +0200
committer	Kim Alvefur <zash@zash.se>	2012-09-19 23:26:38 +0200
commit	1c8f6fd030903f6caefaf62ce66cafae0d583f5c (patch)
tree	1aa77d9fad3655abd5011a1ccb34bd12511db7e6 /prosodyctl
parent	0eddd6a92fa874fb2c705c8b8a9e4a0d48840c82 (diff)
download	prosody-1c8f6fd030903f6caefaf62ce66cafae0d583f5c.tar.gz prosody-1c8f6fd030903f6caefaf62ce66cafae0d583f5c.zip