File 0039-Set-umask-before-calling-mkdtemp.patch of Package adcli.32003

From 81cf7d1e1a93ec08eaf54067afaec76bd69086b9 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 31 Aug 2022 11:26:57 +0200
Subject: [PATCH] tools: Set umask before calling mkdtemp()

When adcli is called from sssd it inherits the sssd's umask (0177) and as
the default sssd.service file drops CAP_DAC_OVERRIDE, the result is that
the directory is created with mode 0600 and the krb5.conf snippet can't be
created.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 tools/tools.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/tools.c b/tools/tools.c
index fc9fa9a..eaa3924 100644
--- a/tools/tools.c
+++ b/tools/tools.c
@@ -334,7 +334,14 @@ setup_krb5_conf_directory (adcli_conn *conn)
 	}
 
 	if (!failed) {
-		if (mkdtemp (directory) == NULL) {
+		mode_t old_umask;
+		char *dtemp = NULL;
+
+		old_umask = umask(0077);
+		dtemp = mkdtemp(directory);
+		umask(old_umask);
+
+		if (dtemp == NULL) {
 			errn = errno;
 			failed = 1;
 			warnx ("couldn't create temporary directory in: %s: %s",
-- 
2.37.2