From 9d67a02b5f691583220ab858cd2c6a92079e107f Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Sun, 26 Jan 2014 10:32:12 -0800
Subject: [PATCH] Lock down individual files in networks.d instead of directory since directory ACLs are more complex on Windows.
---
 node/Network.cpp | 3 +++
 node/Node.cpp | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/node/Network.cpp b/node/Network.cpp
index 37f006256..af7623c1a 100644
--- a/node/Network.cpp
+++ b/node/Network.cpp
@@ -116,6 +116,8 @@ void Network::setConfiguration(const Dictionary &conf,bool saveToDisk)
 std::string confPath(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d" + ZT_PATH_SEPARATOR_S + idString() + ".conf");
 if (!Utils::writeFile(confPath.c_str(),conf.toString())) {
 LOG("error: unable to write network configuration file at: %s",confPath.c_str());
+ } else {
+ Utils::lockDownFile(confPath.c_str(),false);
 }
 }
 } else {
@@ -368,6 +370,7 @@ void Network::_dumpMulticastCerts()
 }
 fclose(mcdb);
+ Utils::lockDownFile(mcdbPath.c_str(),false);
 }
 } // namespace ZeroTier
diff --git a/node/Node.cpp b/node/Node.cpp
index e55cad04c..25c080676 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -419,7 +419,7 @@ Node::ReasonForTermination Node::run()
 }
 Utils::lockDownFile(identitySecretPath.c_str(),false);
- // Make sure networks.d exists and is secure
+ // Make sure networks.d exists
 {
 std::string networksDotD(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d");
 #ifdef __WINDOWS__
@@ -427,7 +427,6 @@ Node::ReasonForTermination Node::run()
 #else
 mkdir(networksDotD.c_str(),0700);
 #endif
- Utils::lockDownFile(networksDotD.c_str(),true);
 }
 // Load or generate config authentication secret
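Review bot: In `Network::setConfiguration` the new `Utils::lockDownFile(confPath.c_str(),false)` runs only after `Utils::writeFile` has returned, so the network configuration is on disk with whatever permissions or inherited ACL the create gave it until the second call completes. Because this commit also drops the directory-level lockdown in node/Node.cpp, the parent directory no longer covers that interval on Windows. The same write-then-restrict order is in `_dumpMulticastCerts`, where `Utils::lockDownFile(mcdbPath.c_str(),false)` follows `fclose(mcdb)`. Consider creating the file with restrictive access from the start, or locking down the empty file before its contents are written, and logging when the lockdown fails if `lockDownFile` reports a result (its signature is not visible here). Both function bodies continue outside their hunks.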
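Review bot: The reworded comment `// Make sure networks.d exists` in `Node::run()` no longer tells a reader where access control for this directory's contents now lives. With `Utils::lockDownFile(networksDotD.c_str(),true)` removed in the following hunk, every code path that creates a file under networks.d has to lock that file down itself. On the non-Windows branch `mkdir(networksDotD.c_str(),0700)` still restricts the directory, but a future writer that forgets the per-file call would leave its file with inherited permissions on Windows. I would record that here, for example `// Make sure networks.d exists; files inside are locked down individually by whoever writes them`. The body of `Node::run()` starts and ends outside these hunks.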