Make sure to set umask() before calling mkstemp().

Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar  6 01:16:34 CET 2013 on sn-devel-104

2 files changed, 7 insertions, 0 deletions

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 0876ab6284..3a2401a9ad 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -21,6 +21,7 @@
 */
 
 #include "includes.h"
+#include "system/filesys.h"
 #include "krb5_samba.h"
 #include "lib/util/asn1.h"
 
@@ -1483,6 +1484,7 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
 {
 	krb5_error_code code = 0;
 	krb5_creds my_creds;
+	mode_t mask;
 
 #if defined(HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK)
 	code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal,
@@ -1500,7 +1502,9 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
 	*(KRB5_KT_KEY(&entry)) = *keyblock;
 
 	memcpy(tmp_name, SMB_CREDS_KEYTAB, sizeof(SMB_CREDS_KEYTAB));
+	mask = umask(S_IRWXO | S_IRWXG);
 	mktemp(tmp_name);
+	umask(mask);
 	if (tmp_name[0] == 0) {
 		return KRB5_KT_BADNAME;
 	}
diff --git a/lib/util/util.c b/lib/util/util.c
index d49e20e6cd..464fc62e1f 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -63,6 +63,7 @@ int create_unlink_tmp(const char *dir)
 {
 	char *fname;
 	int fd;
+	mode_t mask;
 
 	if (!dir) {
 		dir = tmpdir();
@@ -73,7 +74,9 @@ int create_unlink_tmp(const char *dir)
 		errno = ENOMEM;
 		return -1;
 	}
+	mask = umask(S_IRWXO | S_IRWXG);
 	fd = mkstemp(fname);
+	umask(mask);
 	if (fd == -1) {
 		TALLOC_FREE(fname);
 		return -1;