From 90cbfc96d118d6b55c47392d8ae421434dea8225 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 25 Feb 2013 17:34:21 +0100
Subject: Make sure to set umask() before calling mkstemp().

Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar  6 01:16:34 CET 2013 on sn-devel-104
---
 lib/krb5_wrap/krb5_samba.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/krb5_wrap')

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 0876ab6284..3a2401a9ad 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -21,6 +21,7 @@
 */
 
 #include "includes.h"
+#include "system/filesys.h"
 #include "krb5_samba.h"
 #include "lib/util/asn1.h"
 
@@ -1483,6 +1484,7 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
 {
 	krb5_error_code code = 0;
 	krb5_creds my_creds;
+	mode_t mask;
 
 #if defined(HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK)
 	code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal,
@@ -1500,7 +1502,9 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
 	*(KRB5_KT_KEY(&entry)) = *keyblock;
 
 	memcpy(tmp_name, SMB_CREDS_KEYTAB, sizeof(SMB_CREDS_KEYTAB));
+	mask = umask(S_IRWXO | S_IRWXG);
 	mktemp(tmp_name);
+	umask(mask);
 	if (tmp_name[0] == 0) {
 		return KRB5_KT_BADNAME;
 	}
-- 
cgit