From 7b5981996cd17e4fc844dda029b9d1ac2c19ae8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 28 Jul 2008 08:49:43 +0000
Subject: [PATCH] sprinle O_CLOEXEC, from Andrew Bartlett

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23474 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/crypto.c         |  2 +-
 lib/krb5/fcache.c         | 10 +++++-----
 lib/krb5/keytab_file.c    |  8 ++++----
 lib/krb5/keytab_keyfile.c |  6 +++---
 lib/krb5/krb5_locl.h      |  4 ++++
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 146a32697..7250b17c8 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -3452,7 +3452,7 @@ seed_something(void)
        so use 0 for the entropy estimate */
     if (RAND_file_name(seedfile, sizeof(seedfile))) {
 	int fd;
-	fd = open(seedfile, O_RDONLY);
+	fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
 	if (fd >= 0) {
 	    ssize_t ret;
 	    rk_cloexec(fd);
diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 713e9df20..fc1189345 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -395,7 +395,7 @@ fcc_initialize(krb5_context context,
 
     unlink (filename);
   
-    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
     if(ret)
 	return ret;
     {
@@ -462,7 +462,7 @@ fcc_store_cred(krb5_context context,
     int ret;
     int fd;
 
-    ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
+    ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0);
     if(ret)
 	return ret;
     {
@@ -503,7 +503,7 @@ init_fcc (krb5_context context,
     krb5_storage *sp;
     krb5_error_code ret;
 
-    ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
+    ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
     if(ret)
 	return ret;
     
@@ -851,14 +851,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
 	int fd1, fd2;
 	char buf[BUFSIZ];
 
-	ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
+	ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
 	if(ret)
 	    return ret;
 
 	unlink(FILENAME(to));
 
 	ret = fcc_open(context, to, &fd2, 
-		       O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
+		       O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
 	if(ret)
 	    goto out1;
 
diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c
index 5bc27b58f..17f2d5774 100644
--- a/lib/krb5/keytab_file.c
+++ b/lib/krb5/keytab_file.c
@@ -385,7 +385,7 @@ fkt_start_seq_get(krb5_context context,
 		  krb5_keytab id, 
 		  krb5_kt_cursor *c)
 {
-    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
+    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c);
 }
 
 static krb5_error_code
@@ -488,9 +488,9 @@ fkt_add_entry(krb5_context context,
     krb5_data keytab;
     int32_t len;
     
-    fd = open (d->filename, O_RDWR | O_BINARY);
+    fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
     if (fd < 0) {
-	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
 	if (fd < 0) {
 	    ret = errno;
 	    krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
@@ -632,7 +632,7 @@ fkt_remove_entry(krb5_context context,
     int found = 0;
     krb5_error_code ret;
     
-    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
+    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor);
     if(ret != 0) 
 	goto out; /* return other error here? */
     while(fkt_next_entry_int(context, id, &e, &cursor, 
diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c
index f8ddd2356..3339a9631 100644
--- a/lib/krb5/keytab_keyfile.c
+++ b/lib/krb5/keytab_keyfile.c
@@ -194,7 +194,7 @@ akf_start_seq_get(krb5_context context,
     int32_t ret;
     struct akf_data *d = id->data;
 
-    c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
+    c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
     if (c->fd < 0) {
 	ret = errno;
 	krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s",
@@ -301,10 +301,10 @@ akf_add_entry(krb5_context context,
 	return 0;
     }
 
-    fd = open (d->filename, O_RDWR | O_BINARY);
+    fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
     if (fd < 0) {
 	fd = open (d->filename,
-		   O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
+		   O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
 	if (fd < 0) {
 	    ret = errno;
 	    krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h
index 27a753059..3cea08960 100644
--- a/lib/krb5/krb5_locl.h
+++ b/lib/krb5/krb5_locl.h
@@ -176,6 +176,10 @@ struct _krb5_krb_auth_data;
 #define O_BINARY 0
 #endif
 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
 #define KRB5_BUFSIZ 1024
 
 typedef enum {