LDAP: Set umask before calling mkstemp

Even though we only call mkstemp to generate a random filename, it's a
good practice to set and re-set umask before and after calling mkstemp.

Silences a warning from Coverity static analyzer.

Reviewed-by: Sumit Bose <sbose@redhat.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 6ef7bd204..e5779b709 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -189,6 +189,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
     TALLOC_CTX *tmp_ctx;
     char *ccname_file_dummy;
     char *ccname_file;
+    mode_t old_umask;
 
     krberr = krb5_init_context(&context);
     if (krberr) {
@@ -303,7 +304,9 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
         goto done;
     }
 
+    old_umask = umask(077);
     fd = mkstemp(ccname_file_dummy);
+    umask(old_umask);
     if (fd == -1) {
         ret = errno;
         goto done;