diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-03-03 13:34:26 +0100 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-04-07 09:24:17 +0200 |
| commit | 192126738fa82c5624f4740147426c552126c602 (patch) | |
| tree | b57baea56b477fe2f05b48b6b4e38e15fa968fd4 /src | |
| parent | 0befc9ae024cf8c9a2d42ab21591699e659dd420 (diff) | |
| download | sssd-192126738fa82c5624f4740147426c552126c602.tar.gz sssd-192126738fa82c5624f4740147426c552126c602.tar.xz sssd-192126738fa82c5624f4740147426c552126c602.zip | |
GPO: Soften umask in gpo_child
The default umask(0177) inherited from sssd_be is to strict
for gpo_child in non-root mode. mkdir creates directories with only "rw"
permission for owner.
The man 1 chmod says: "execute (or search for directories) (x)"
In another words, execute bit is required for directories.
sh-4.3$ mkdir dir
sh-4.3$ chmod 600 dir/
sh-4.3$ mkdir dir/subdir
mkdir: cannot create directory ‘dir/subdir’: Permission denied
Resolves:
https://fedorahosted.org/sssd/ticket/2962
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ad/ad_gpo_child.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 668af055d..c95625e83 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -208,6 +208,7 @@ static errno_t prepare_gpo_cache(TALLOC_CTX *mem_ctx, char *last = NULL; char *smb_path_with_suffix = NULL; errno_t ret; + mode_t old_umask; smb_path_with_suffix = talloc_strdup(mem_ctx, input_smb_path_with_suffix); if (smb_path_with_suffix == NULL) { @@ -229,11 +230,13 @@ static errno_t prepare_gpo_cache(TALLOC_CTX *mem_ctx, ptr = smb_path_with_suffix + 1; + old_umask = umask(SSS_DFL_X_UMASK); for (i = 0; i < num_dirs; i++) { first = ptr; last = strchr(first, delim); if (last == NULL) { - return EINVAL; + ret = EINVAL; + goto done; } *last = '\0'; last++; @@ -241,7 +244,8 @@ static errno_t prepare_gpo_cache(TALLOC_CTX *mem_ctx, current_dir = talloc_asprintf(mem_ctx, "%s/%s", current_dir, first); if (current_dir == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); - return ENOMEM; + ret = ENOMEM; + goto done; } DEBUG(SSSDBG_TRACE_FUNC, "Storing GPOs in %s\n", current_dir); @@ -249,14 +253,18 @@ static errno_t prepare_gpo_cache(TALLOC_CTX *mem_ctx, ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "mkdir(%s) failed: %d\n", current_dir, ret); - return ret; + goto done; } ptr = last; } - return EOK; + ret = EOK; + +done: + umask(old_umask); + return ret; } /* |