From: David Mulder <dmulder@samba.org>
Date: Fri, 23 Aug 2024 20:29:49 +0000 (-0600)
Subject: Ensure clients can write to the himmelblau pipe
X-Git-Tag: tdb-1.4.13~880
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6907508cdb39253fc5bc79d2175865189b4dba20;p=thirdparty%2Fsamba.git

Ensure clients can write to the himmelblau pipe

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---

diff --git a/rust/himmelblaud/src/main.rs b/rust/himmelblaud/src/main.rs
index 27672175be7..835ba8c10dc 100644
--- a/rust/himmelblaud/src/main.rs
+++ b/rust/himmelblaud/src/main.rs
@@ -30,6 +30,7 @@ use himmelblau::BrokerClientApplication;
 use idmap::Idmap;
 use kanidm_hsm_crypto::soft::SoftTpm;
 use kanidm_hsm_crypto::{BoxedDynTpm, Tpm};
+use libc::umask;
 use param::LoadParm;
 use std::path::{Path, PathBuf};
 use std::process::ExitCode;
@@ -375,6 +376,8 @@ async fn main() -> ExitCode {
             client,
         )));
 
+        // Set the umask while we open the path for most clients.
+        let before = unsafe { umask(0) };
         // Listen for incoming requests from PAM and NSS
         let listener = match UnixListener::bind(sock_path) {
             Ok(listener) => listener,
@@ -384,6 +387,8 @@ async fn main() -> ExitCode {
                 return ExitCode::FAILURE;
             }
         };
+        // Undo umask changes.
+        let _ = unsafe { umask(before) };
 
         let server = tokio::spawn(async move {
             while !stop_now.load(Ordering::Relaxed) {