Blame SOURCES/0046-RESPONDERS-Set-default-value-for-umask.patch

From 7c30e5abf469134253d5bdec29cda7b47c41ca3e Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Fri, 24 Oct 2014 12:42:50 +0100
Subject: [PATCH 46/46] RESPONDERS: Set default value for umask
Resolves: https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 458f5245dd5130d12666cce6faf8ef1ec7f80169)
---
 src/responder/autofs/autofssrv.c | 2 ++
 src/responder/common/responder.h | 4 ++++
 src/responder/ifp/ifpsrv.c       | 2 ++
 src/responder/nss/nsssrv.c       | 2 ++
 src/responder/pac/pacsrv.c       | 2 ++
 src/responder/pam/pamsrv.c       | 2 ++
 src/responder/ssh/sshsrv.c       | 2 ++
 src/responder/sudo/sudosrv.c     | 2 ++
 8 files changed, 18 insertions(+)
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index 44474ee0858d92fb5965de07773e3ad1e020ebfd..91f529135e9bd74a5cf89edadd98fb2368630b5e 100644
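--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -220,6 +220,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can decide if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {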
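Review bot: Directories and UNIX sockets created after the new `umask(DFL_RSP_UMASK);` in main() inherit the 0177 mask as well: a mkdir() would lose the owner search bit, and a socket bound without an explicit mode would be usable by its owner only. The creation paths are not visible in this hunk, so confirm that client-facing sockets and any directories set their mode deliberately (a scoped umask around bind(), or chmod() afterwards) rather than inheriting this default. A short comment above the call would record that, e.g. `/* strict default; sockets and directories must set their mode explicitly */`. The same point applies to the identical hunks in ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c, and main() continues outside each of them.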
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index cd2b3232c53e919c7d47170ccd1016a8604c9742..e3c0f226775d279ea8c0f300cc2de54d2f7f9b72 100644
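--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -38,6 +38,10 @@
 
 extern hash_table_t *dp_requests;
 
+/* we want default permissions on created files to be very strict,
+ * so set our umask to 0177 */
+#define DFL_RSP_UMASK 0177
+
 /* if there is a provider other than the special local */
 #define NEED_CHECK_PROVIDER(provider) \
     (provider != NULL && strcmp(provider, "local") != 0)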
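Review bot: The comment above `DFL_RSP_UMASK` says only that permissions should be "very strict" and does not state the resulting mode, which matters because 0177 clears owner execute as well as every group and other bit. Suggested wording: `/* Default responder umask: new files get at most 0600. 0177 also masks owner execute, so directories need an explicit mode. */`. The .c hunks call umask() without showing their include lists, so if responder.h is meant to be sufficient for users of this macro it may need `#include <sys/stat.h>`; that cannot be confirmed from the lines visible here.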
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index eddeec9812bdd650bfbfb78ede91bf3704113504..367438c71b77576f1c7c3054061db684fd134c20 100644
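--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -454,6 +454,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {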
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index cfb146464d224cdb8b517d23a86421da7eaccd1f..1bbeaa1534ee3e0db72dda13ff9d01ef7fba6adf 100644
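--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -550,6 +550,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {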
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 3eb21c8fff85343249494bcc06d97cda4b738034..859ae86a54daf268c73ab97b0a1f67967d7e714f 100644
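--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -229,6 +229,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can decide if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {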
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index c7e3c20b2731efb9393bc820ab09486c48e0a9ea..886136b420b6184a86ce6e0d9ac84dd3dea9a94b 100644
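--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -332,6 +332,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {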
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index b1969b49de8579f0136c3afa78eb16d68c81ee4e..1bcf4e21a89e4e7b7697e9d90ab239cbf9d231e9 100644
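--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -197,6 +197,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {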
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index a25f98ecabaa952a7cd87c54cd302903cb563faf..e480c7a43d453cffcd6ca07e41402c1cf6eef91c 100644
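--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -177,6 +177,8 @@ int main(int argc, const char *argv[])
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
     debug_level = SSSDBG_INVALID;
 
+    umask(DFL_RSP_UMASK);
+
     pc = poptGetContext(argv[0], argc, argv, long_options, 0);
     while((opt = poptGetNextOpt(pc)) != -1) {
         switch(opt) {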
-- 
1.9.3