From c51b28adf66a4597ff1c0cb0e0754b2968a337e2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 8 Oct 2020 13:37:32 +0300
Subject: [PATCH] Read HOME_MODE and UMASK from /etc/login.defs

shadow-utils changed behavior of UMASK to only apply to runtime
processes. For home directories, HOME_MODE variable was introduced
instead.

Read HOME_MODE and fall back to UMASK if that does not exist.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/mkhomedir.c                 | 13 +++++++++----
 src/oddjobd-mkhomedir.conf.5.in |  3 ++-
 src/pam_oddjob_mkhomedir.8.in   |  5 +++--
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/mkhomedir.c b/src/mkhomedir.c
index 1c0d8e4..be85959 100644
--- a/src/mkhomedir.c
+++ b/src/mkhomedir.c
@@ -264,12 +264,13 @@ mkhomedir(const char *user, int flags)
 }
 
 static mode_t
-get_umask(int *configured)
+get_umask(int *configured, const char *variable)
 {
 	FILE *fp;
 	char buf[BUFSIZ], *p, *end;
 	mode_t mask = umask(0777);
 	long tmp;
+	size_t vlen = strlen(variable);
 
 	fp = fopen("/etc/login.defs", "r");
 	if (fp != NULL) {
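Review bot: With the added `variable` parameter, `get_umask` no longer always returns a umask: for "HOME_MODE" the value is a file mode that the caller must invert, and neither the name nor the signature says so. A caller that forgets the inversion would silently install the wrong permission mask, so the contract should be written down above the function, for example `/* Return the octal value of VARIABLE from /etc/login.defs; for HOME_MODE this is a mode, not a mask, and the caller must invert it. */`. `strlen(variable)` also assumes a non-NULL argument, which holds for the two literal call sites in this patch but is worth stating in the same comment. The body of get_umask continues outside this hunk.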
@@ -279,10 +280,10 @@ get_umask(int *configured)
 			}
 			buf[strcspn(buf, "\r\n")] = '\0';
 			p = buf + strspn(buf, " \t");
-			if (strncmp(p, "UMASK", 5) != 0) {
+			if (strncmp(p, variable, vlen) != 0) {
 				continue;
 			}
-			p += 5;
+			p += vlen;
 			if (strspn(p, " \t") == 0) {
 				continue;
 			}
@@ -308,7 +309,11 @@ main(int argc, char **argv)
 	int i, configured_umask = 0, flags = FLAG_POPULATE;
 
 	openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
-	override_umask = get_umask(&configured_umask);
+	/* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
+	override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
+	if (configured_umask == 0) {
+		override_umask = get_umask(&configured_umask, "UMASK");
+	}
 	umask(override_umask);
 	skel_dir = "/etc/skel";
 
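Review bot: The inverted HOME_MODE at `override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");` becomes the process umask, so it governs everything created while copying the skeleton directory, not only the home directory itself; with a permissive HOME_MODE (for example 0755) next to a strict UMASK (for example 077), skeleton contents would be created under the looser mask. If that is intended, the comment should say so, e.g. `/* HOME_MODE is a file mode, not a mask, so invert it; it then applies to all copied skeleton contents as well. */` ("reverted" in the current comment presumably means "inverted"). The inversion is also applied to whatever get_umask returns when HOME_MODE is absent; that value is discarded by the `configured_umask == 0` branch, but only if get_umask leaves `*configured` at 0 for a missing or unparsable value, which is decided outside this hunk.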
diff --git a/src/oddjobd-mkhomedir.conf.5.in b/src/oddjobd-mkhomedir.conf.5.in
index b0cd934..d7a2429 100644
--- a/src/oddjobd-mkhomedir.conf.5.in
+++ b/src/oddjobd-mkhomedir.conf.5.in
@@ -24,7 +24,8 @@ Override the location of the skeleton directory (by default: \fI/etc/skel\fR).
 -u
 Specify a umask whose bits are masked off of contents of the skeleton directory
 while they are copied to the user's new home directory.  The default is read
-from \fB/etc/login.defs\fR.
+from \fB/etc/login.defs\fR by taking \fBHOME_MODE\fR and \fBUMASK\fR values, in
+this order.  First found value persists.
 
 .SH SEE ALSO
 \fBoddjob.conf\fR(5)
diff --git a/src/pam_oddjob_mkhomedir.8.in b/src/pam_oddjob_mkhomedir.8.in
index 3793764..2fb16bc 100644
--- a/src/pam_oddjob_mkhomedir.8.in
+++ b/src/pam_oddjob_mkhomedir.8.in
@@ -14,8 +14,9 @@ if the module is running with superuser privileges.  Otherwise, it invokes the
 \fImkmyhomedir\fR method.
 
 The location of the skeleton directory and the default umask are determined by
-the configuration for the corresponding service in \fBoddjobd-mkhomedir.conf\fR,
-so they can not be specified as arguments to this module.
+the values of \fBHOME_MODE\fR or \fBUMASK\fR (as a fallback) variables in
+\fI/etc/login.defs\fR, so they can not be specified as arguments to this
+module.
 
 If \fID-Bus\fR has not been configured to allow the calling application to
 invoke these methods provided as part of the \fI@NAMESPACE@.oddjob_mkhomedir\fR
-- 
2.28.0