From 2f6a94e30458df92fb26c3d810f613d1e4cff99b Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Tue, 6 Oct 2015 03:04:44 -0400
Subject: REFACTOR: SCKT_RSP_UMASK constant in responder code

This patch adds new SCKT_RSP_UMASK constant which stands for 0111. And it replaces all occurances in responder code.
Resolves: https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek
---
 src/responder/common/responder.h | 4 ++++
 src/responder/common/responder_common.c | 2 +-
 src/responder/pam/pamsrv.c | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
(limited to 'src/responder')
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 72c7f4e67..f363c2074 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -43,6 +43,10 @@ extern hash_table_t *dp_requests;
 * so set our umask to 0177 */
 #define DFL_RSP_UMASK SSS_DFL_UMASK
 
+/* Public sockets must be readable and writable by anybody on the system.
+ * So we set umask to 0111. */
+#define SCKT_RSP_UMASK 0111
+
 /* if there is a provider other than the special local */
 #define NEED_CHECK_PROVIDER(provider) \
 (provider != NULL && strcmp(provider, "local") != 0)
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index baaf0412b..ebb30a458 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -667,7 +667,7 @@ static int set_unix_socket(struct resp_ctx *rctx)
 /* Set the umask so that permissions are set right on the socket.
 * It must be readable and writable by anybody on the system. */
 if (rctx->lfd == -1) {
- ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, 0111);
+ ret = create_pipe_fd(rctx->sock_name, &rctx->lfd, SCKT_RSP_UMASK);
 if (ret != EOK) {
 return ret;
 }
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 6ac770b7a..a63b52ec1 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
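Review bot: The comment added above `SCKT_RSP_UMASK` in responder.h gives the umask value but not what it means for access control: with 0111 the socket is presumably created world read/write, so file permissions no longer limit who can connect. I would state that at the definition, e.g. `/* Public sockets: umask 0111 leaves the socket world read/write, so any local user can connect; file permissions are not an access control here. */`. The two call sites that now pass the constant (set_unix_socket() in responder_common.c and main() in pamsrv.c) can then rely on that single explanation. Whether the responders verify the connecting peer per request is not visible in this patch and is worth confirming before more sockets adopt this constant.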
@@ -388,7 +388,7 @@ int main(int argc, const char *argv[])
 
 /* Crate pipe file descriptors here before privileges are dropped
 * in server_setup() */
- ret = create_pipe_fd(SSS_PAM_SOCKET_NAME, &pipe_fd, 0111);
+ ret = create_pipe_fd(SSS_PAM_SOCKET_NAME, &pipe_fd, SCKT_RSP_UMASK);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
 "create_pipe_fd failed [%d]: %s.\n",
-- cgit