From 458f5245dd5130d12666cce6faf8ef1ec7f80169 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Fri, 24 Oct 2014 12:42:50 +0100
Subject: RESPONDERS: Set default value for umask
Resolves: https://fedorahosted.org/sssd/ticket/2468
Reviewed-by: Jakub Hrozek
---
 src/responder/autofs/autofssrv.c | 2 ++
 src/responder/common/responder.h | 4 ++++
 src/responder/ifp/ifpsrv.c | 2 ++
 src/responder/nss/nsssrv.c | 2 ++
 src/responder/pac/pacsrv.c | 2 ++
 src/responder/pam/pamsrv.c | 2 ++
 src/responder/ssh/sshsrv.c | 2 ++
 src/responder/sudo/sudosrv.c | 2 ++
 8 files changed, 18 insertions(+)
diff --git a/src/responder/autofs/autofssrv.c b/src/responder/autofs/autofssrv.c
index 44474ee08..91f529135 100644
--- a/src/responder/autofs/autofssrv.c
+++ b/src/responder/autofs/autofssrv.c
@@ -220,6 +220,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can decide if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index cd2b3232c..e3c0f2267 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -38,6 +38,10 @@ extern hash_table_t *dp_requests;
+/* we want default permissions on created files to be very strict,
+ * so set our umask to 0177 */
+#define DFL_RSP_UMASK 0177
+
 /* if there is a provider other than the special local */
 #define NEED_CHECK_PROVIDER(provider) \
 (provider != NULL && strcmp(provider, "local") != 0)
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index eddeec981..367438c71 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
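Review bot: In src/responder/autofs/autofssrv.c the added `umask(DFL_RSP_UMASK);` changes the mask for the whole process from the top of main() onward, and nothing at the call site says so. Every file, socket or FIFO the responder creates later is capped at 0600 unless that code sets its own mask or calls fchmod(), which matters for anything unprivileged clients must open; whether the socket and cache setup already do that is not visible here. I would add a comment above the call, e.g. `/* process-wide: everything created after this is 0600 at most; code that needs wider access must set the mode explicitly */`. The same applies to the identical hunks in ifpsrv.c, nsssrv.c, pacsrv.c, pamsrv.c, sshsrv.c and sudosrv.c, and since the line is pasted into seven main() functions a shared early-init helper in the responder common code would keep a future responder from omitting it. main() continues outside the hunk.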
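Review bot: In src/responder/common/responder.h, `DFL_RSP_UMASK 0177` also clears the owner execute bit, so a directory created with mkdir() under this mask comes out as 0600 at most and cannot be traversed even by its owner; the comment only mentions files. Whether any responder creates directories is not visible in this patch, so I would record the limit in the comment rather than change the value: `/* Default umask for responders: new files get 0600 at most. Not meant for mkdir(); directories need an explicit mode. */`. Dropping the literal 0177 from the comment also avoids it drifting from the macro.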
@@ -454,6 +454,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can deside if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index cfb146464..1bbeaa153 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -550,6 +550,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can deside if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/pac/pacsrv.c b/src/responder/pac/pacsrv.c
index 3eb21c8ff..859ae86a5 100644
--- a/src/responder/pac/pacsrv.c
+++ b/src/responder/pac/pacsrv.c
@@ -229,6 +229,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can decide if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index c7e3c20b2..886136b42 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -332,6 +332,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can deside if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
index b1969b49d..1bcf4e21a 100644
--- a/src/responder/ssh/sshsrv.c
+++ b/src/responder/ssh/sshsrv.c
@@ -197,6 +197,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can deside if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index a25f98eca..e480c7a43 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -177,6 +177,8 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can deside if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ umask(DFL_RSP_UMASK);
+
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while((opt = poptGetNextOpt(pc)) != -1) {
 switch(opt) {
-- cgit