From d9c2a21119a6d04203060ad54fa8d20f17f5c0b7 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Mon, 5 Oct 2015 09:51:20 -0400
Subject: REFACTOR: DFL_RSP_UMASK constant in responder code
There is DFL_RSP_UMASK constant for very secure umask in responder code. This patch replaces occurances of value 0177 with this constant.
Resolves: https://fedorahosted.org/sssd/ticket/2424
Reviewed-by: Jakub Hrozek
---
 src/responder/common/responder.h | 2 +-
 src/responder/common/responder_common.c | 3 ++-
 src/responder/pam/pamsrv.c | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 4d927cfe3..72c7f4e67 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -41,7 +41,7 @@ extern hash_table_t *dp_requests;
 /* we want default permissions on created files to be very strict,
 * so set our umask to 0177 */
-#define DFL_RSP_UMASK 0177
+#define DFL_RSP_UMASK SSS_DFL_UMASK
 /* if there is a provider other than the special local */
 #define NEED_CHECK_PROVIDER(provider) \
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 2097004cb..baaf0412b 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -690,7 +690,8 @@ static int set_unix_socket(struct resp_ctx *rctx)
 if (rctx->priv_sock_name != NULL ) {
 /* create privileged pipe */
 if (rctx->priv_lfd == -1) {
- ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177);
+ ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd,
+ DFL_RSP_UMASK);
 if (ret != EOK) {
 goto failed;
 }
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 3fe467c3c..6ac770b7a 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
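Review bot: The comment kept above the define in responder.h still says `so set our umask to 0177`, but the value is now whatever SSS_DFL_UMASK expands to, and its definition is not in the hunks shown here. Since this mask decides the mode of the privileged responder sockets, I would state the requirement rather than the number, e.g. `/* created files must be accessible by the owner only; value comes from SSS_DFL_UMASK */`, and confirm that responder.h includes the header defining SSS_DFL_UMASK. If the project's C dialect allows it, a compile-time check such as `_Static_assert((DFL_RSP_UMASK & 0077) == 0077, "responder umask must mask group/other");` would stop a later edit of the shared default from loosening these sockets unnoticed.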
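Review bot: Neither call site says why this particular mask is passed: in set_unix_socket() here, and in main() in the pamsrv.c hunk, the third argument to create_pipe_fd() is what keeps the privileged pipe owner-only, while the name DFL_RSP_UMASK reads as a general default rather than a requirement. A short comment at each call, e.g. `/* privileged pipe: owner-only, do not relax */`, would make that visible to anyone who later adjusts the default. Both functions start and end outside their hunks, so I cannot see how the public pipe is created or whether the process umask is restored after create_pipe_fd(); that is worth confirming.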
@@ -396,7 +396,8 @@ int main(int argc, const char *argv[])
 return 2;
 }
- ret = create_pipe_fd(SSS_PAM_PRIV_SOCKET_NAME, &priv_pipe_fd, 0177);
+ ret = create_pipe_fd(SSS_PAM_PRIV_SOCKET_NAME, &priv_pipe_fd,
+ DFL_RSP_UMASK);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
 "create_pipe_fd failed (priviledged pipe) [%d]: %s.\n",
-- cgit