
Lock down individual files in networks.d instead of directory since directory ACLs are more complex on Windows.

Adam Ierymenko 11 years ago
parent
commit
9d67a02b5f
2 changed files with 4 additions and 2 deletions
  1. 3 0
      node/Network.cpp
  2. 1 2
      node/Node.cpp

+ 3 - 0
node/Network.cpp

@@ -116,6 +116,8 @@ void Network::setConfiguration(const Dictionary &conf,bool saveToDisk)
 				std::string confPath(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d" + ZT_PATH_SEPARATOR_S + idString() + ".conf");
 				if (!Utils::writeFile(confPath.c_str(),conf.toString())) {
 					LOG("error: unable to write network configuration file at: %s",confPath.c_str());
+				} else {
+					Utils::lockDownFile(confPath.c_str(),false);
 				}
 			}
 		} else {
@@ -368,6 +370,7 @@ void Network::_dumpMulticastCerts()
 	}
 
 	fclose(mcdb);
+	Utils::lockDownFile(mcdbPath.c_str(),false);
 }
 
 } // namespace ZeroTier
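Review bot: Both new `Utils::lockDownFile(...,false)` calls run only after the file has been written (and, in `_dumpMulticastCerts`, after `fclose(mcdb)`), so each file sits on disk with inherited permissions until the call lands. On Windows, where this commit stops locking the directory, that leaves a short window in which the network config and multicast cert dump are readable under the parent's ACLs. Consider restricting the file before any content reaches it, for example by moving `Utils::lockDownFile(mcdbPath.c_str(),false);` to just after the file is opened, or by writing to a temporary name, locking it down, and renaming it. If `lockDownFile` reports failure, which is not visible here, the result deserves a `LOG(...)` line like the failed write on the line above. Both functions start outside their hunks, so the open call and any early returns before `fclose` are not visible.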

+ 1 - 2
node/Node.cpp

@@ -419,7 +419,7 @@ Node::ReasonForTermination Node::run()
 		}
 		Utils::lockDownFile(identitySecretPath.c_str(),false);
 
-		// Make sure networks.d exists and is secure
+		// Make sure networks.d exists
 		{
 			std::string networksDotD(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d");
 #ifdef __WINDOWS__
@@ -427,7 +427,6 @@ Node::ReasonForTermination Node::run()
 #else
 			mkdir(networksDotD.c_str(),0700);
 #endif
-			Utils::lockDownFile(networksDotD.c_str(),true);
 		}
 
 		// Load or generate config authentication secret
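Review bot: Removing `Utils::lockDownFile(networksDotD.c_str(),true);` means nothing tightens a `networks.d` that already exists, because `mkdir(networksDotD.c_str(),0700)` only applies the mode when it creates the directory. The commit message gives Windows ACL complexity as the reason, so the call could stay on the non-Windows branch, directly after the `mkdir` line inside the `#else`. Per-file lockdown also covers only files written after this change. Files left in `networks.d` by an earlier version keep their current permissions until rewritten, so a one-time pass over existing entries at startup would close that gap. The updated comment `// Make sure networks.d exists` could also state that protection is now per file, so a later reader does not assume the directory is private. `Node::run()` extends beyond both hunks.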