diff options
| author | Petr Cech <pcech@redhat.com> | 2015-10-06 03:04:44 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-10-14 13:27:16 +0200 |
| commit | 2f6a94e30458df92fb26c3d810f613d1e4cff99b (patch) | |
| tree | b0339cd672701ad44bbd33706658685469394b2a /src | |
| parent | f8e337540d280f944098cd4dd7d670e2f7166b54 (diff) | |
| download | sssd-2f6a94e30458df92fb26c3d810f613d1e4cff99b.tar.gz sssd-2f6a94e30458df92fb26c3d810f613d1e4cff99b.tar.xz sssd-2f6a94e30458df92fb26c3d810f613d1e4cff99b.zip | |
REFACTOR: SCKT_RSP_UMASK constant in responder code
This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And
it replaces all occurances in responder code.
Resolves:
https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/responder/common/responder.h | 4 | ||||
| -rw-r--r-- | src/responder/common/responder_common.c | 2 | ||||
| -rw-r--r-- | src/responder/pam/pamsrv.c | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 72c7f4e67..f363c2074 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -43,6 +43,10 @@ extern hash_table_t *dp_requests; * so set our umask to 0177 */ #define DFL_RSP_UMASK SSS_DFL_UMASK +/* Public sockets must be readable and writable by anybody on the system. + * So we set umask to 0111. */ +#define SCKT_RSP_UMASK 0111 + /* if there is a provider other than the special local */ #define NEED_CHECK_PROVIDER(provider) \ (provider != NULL && strcmp(provider, "local") != 0) diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index baaf0412b..ebb30a458 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -667,7 +667,7 @@ static int set_unix_socket(struct resp_ctx *rctx) /* Set the umask so that permissions are set right on the socket. * It must be readable and writable by anybody on the system. */ if (rctx->lfd == -1) { - ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, 0111); + ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, SCKT_RSP_UMASK); if (ret != EOK) { return ret; } diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index 6ac770b7a..a63b52ec1 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -388,7 +388,7 @@ int main(int argc, const char *argv[]) /* Crate pipe file descriptors here before privileges are dropped * in server_setup() */ - ret = create_pipe_fd(SSS_PAM_SOCKET_NAME, &pipe_fd, 0111); + ret = create_pipe_fd(SSS_PAM_SOCKET_NAME, &pipe_fd, SCKT_RSP_UMASK); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "create_pipe_fd failed [%d]: %s.\n", |