From 6907508cdb39253fc5bc79d2175865189b4dba20 Mon Sep 17 00:00:00 2001
From: David Mulder
Date: Fri, 23 Aug 2024 14:29:49 -0600
Subject: [PATCH] Ensure clients can write to the himmelblau pipe

Signed-off-by: David Mulder
Reviewed-by: Alexander Bokovoy
---
 rust/himmelblaud/src/main.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/rust/himmelblaud/src/main.rs b/rust/himmelblaud/src/main.rs
index 27672175be7..835ba8c10dc 100644
--- a/rust/himmelblaud/src/main.rs
+++ b/rust/himmelblaud/src/main.rs
@@ -30,6 +30,7 @@ use himmelblau::BrokerClientApplication;
 use idmap::Idmap;
 use kanidm_hsm_crypto::soft::SoftTpm;
 use kanidm_hsm_crypto::{BoxedDynTpm, Tpm};
+use libc::umask;
 use param::LoadParm;
 use std::path::{Path, PathBuf};
 use std::process::ExitCode;
@@ -375,6 +376,8 @@ async fn main() -> ExitCode {
 client,
 )));

+ // Set the umask while we open the path for most clients.
+ let before = unsafe { umask(0) };
 // Listen for incoming requests from PAM and NSS
 let listener = match UnixListener::bind(sock_path) {
 Ok(listener) => listener,
@@ -384,6 +387,8 @@ async fn main() -> ExitCode {
 return ExitCode::FAILURE;
 }
 };
+ // Undo umask changes.
+ let _ = unsafe { umask(before) };

 let server = tokio::spawn(async move {
 while !stop_now.load(Ordering::Relaxed) {
--
2.47.3
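Review bot: `umask(0)` before `UnixListener::bind(sock_path)` clears the mask for the whole process rather than for this one call, and it leaves the socket's mode implicit instead of stating it in code. `main()` is already async at this point, so if the runtime has other threads, anything they create before the restore in the third hunk (`umask(before)`) is created unmasked as well. Binding under the normal umask and then setting the mode explicitly keeps the effect local and auditable, e.g. `std::fs::set_permissions(sock_path, std::fs::Permissions::from_mode(0o666))` after the bind with the error logged like the bind failure (needs `std::os::unix::fs::PermissionsExt`, and assumes `sock_path` is still usable after the bind). If the umask calls stay, each `unsafe` block should carry a `// SAFETY:` comment, and the first comment should name the resulting mode and why world access is intended, since a socket any local user can connect to means requests must be authorised from peer credentials rather than file permissions. Whether the request handler does that is not visible here, and `main()` begins and ends outside both hunks.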