Ensure clients can write to the himmelblau pipe

author David Mulder <dmulder@samba.org>

Fri, 23 Aug 2024 20:29:49 +0000 (14:29 -0600)

committer David Mulder <dmulder@samba.org>

Wed, 23 Oct 2024 14:21:34 +0000 (14:21 +0000)
author David Mulder <dmulder@samba.org>
Fri, 23 Aug 2024 20:29:49 +0000 (14:29 -0600)
committer David Mulder <dmulder@samba.org>
Wed, 23 Oct 2024 14:21:34 +0000 (14:21 +0000)
diff --git a/rust/himmelblaud/src/main.rs b/rust/himmelblaud/src/main.rs

index 27672175be7bba9750b116f886c60f839163b12d..835ba8c10dc2787743ca618d9e66a78f189d6e6a 100644 (file)
--- a/rust/himmelblaud/src/main.rs
+++ b/rust/himmelblaud/src/main.rs
@@ -30,6 +30,7 @@ use himmelblau::BrokerClientApplication;
  use idmap::Idmap;
  use kanidm_hsm_crypto::soft::SoftTpm;
  use kanidm_hsm_crypto::{BoxedDynTpm, Tpm};
+use libc::umask;
  use param::LoadParm;
  use std::path::{Path, PathBuf};
  use std::process::ExitCode;
@@ -375,6 +376,8 @@ async fn main() -> ExitCode {
              client,
          )));
  
+        // Set the umask while we open the path for most clients.
+        let before = unsafe { umask(0) };
          // Listen for incoming requests from PAM and NSS
          let listener = match UnixListener::bind(sock_path) {
              Ok(listener) => listener,
@@ -384,6 +387,8 @@ async fn main() -> ExitCode {
                  return ExitCode::FAILURE;
              }
          };
+        // Undo umask changes.
+        let _ = unsafe { umask(before) };
  
          let server = tokio::spawn(async move {
              while !stop_now.load(Ordering::Relaxed) {
author	David Mulder <dmulder@samba.org>
	Fri, 23 Aug 2024 20:29:49 +0000 (14:29 -0600)
committer	David Mulder <dmulder@samba.org>
	Wed, 23 Oct 2024 14:21:34 +0000 (14:21 +0000)