From d9c2a21119a6d04203060ad54fa8d20f17f5c0b7 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Mon, 5 Oct 2015 09:51:20 -0400 Subject: REFACTOR: DFL_RSP_UMASK constant in responder code There is DFL_RSP_UMASK constant for very secure umask in responder code. This patch replaces occurances of value 0177 with this constant. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek --- src/responder/common/responder.h | 2 +- src/responder/common/responder_common.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'src/responder/common') diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 4d927cfe3..72c7f4e67 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -41,7 +41,7 @@ extern hash_table_t *dp_requests; /* we want default permissions on created files to be very strict, * so set our umask to 0177 */ -#define DFL_RSP_UMASK 0177 +#define DFL_RSP_UMASK SSS_DFL_UMASK /* if there is a provider other than the special local */ #define NEED_CHECK_PROVIDER(provider) \ diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 2097004cb..baaf0412b 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -690,7 +690,8 @@ static int set_unix_socket(struct resp_ctx *rctx) if (rctx->priv_sock_name != NULL ) { /* create privileged pipe */ if (rctx->priv_lfd == -1) { - ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177); + ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, + DFL_RSP_UMASK); if (ret != EOK) { goto failed; } -- cgit