authorPetr Cech <pcech@redhat.com>2015-10-06 07:57:17 -0400
committerJakub Hrozek <jhrozek@redhat.com>2015-10-14 13:27:21 +0200
commita0ad4f2a4a342214acd4ab4b77cc5ccce22b35ad (patch)
tree27435de0e6cdfdd15b34383ffdf1071a8eaa26e8
parentae627e216689b0a5834f36aaaa007ed584ef033d (diff)
UTILS: More restrictive permissions in domain_info
There are two occurrences of creating a temp. file under SSS_DFL_X_UMASK permissions, which makes it possible to grant executable permission. After writing to those temp. files, they are renamed and they get 0644 permissions. So SSS_DFL_UMASK is good enough for this case. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/util/domain_info_utils.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 04e7d08d5..baed132ce 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -312,7 +312,7 @@ sss_write_domain_mappings(struct sss_domain_info *domain)
goto done;
}
- old_mode = umask(SSS_DFL_X_UMASK);
+ old_mode = umask(SSS_DFL_UMASK);
fd = mkstemp(tmp_file);
umask(old_mode);
if (fd < 0) {
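Review bot: The umask()/mkstemp()/umask() sequence here, and the identical one in sss_write_krb5_localauth_snippet in the second hunk, carries no comment saying why the mask is tightened, so a later edit could swap the constant back without anyone noticing. A short comment above the call would record the intent, for example `/* temp file never needs the execute bit; final mode is set before rename */`. Because umask() changes process-wide state, the save/restore pair is presumably safe only if no other thread creates files in between, which is worth confirming for the callers of both functions. Both functions start and end outside their hunks, so the step that gives the renamed file its 0644 mode, as the commit message describes, is not visible here.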
@@ -562,7 +562,7 @@ static errno_t sss_write_krb5_localauth_snippet(const char *path)
goto done;
}
- old_mode = umask(SSS_DFL_X_UMASK);
+ old_mode = umask(SSS_DFL_UMASK);
fd = mkstemp(tmp_file);
umask(old_mode);
if (fd < 0) {