From c51b28adf66a4597ff1c0cb0e0754b2968a337e2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Thu, 8 Oct 2020 13:37:32 +0300
Subject: [PATCH] Read HOME_MODE and UMASK from /etc/login.defs

shadow-utils changed behavior of UMASK to only apply to runtime processes. For home directories, HOME_MODE variable was introduced instead. Read HOME_MODE and fall back to UMASK if that does not exist.

Signed-off-by: Alexander Bokovoy
---
 src/mkhomedir.c | 13 +++++++++----
 src/oddjobd-mkhomedir.conf.5.in | 3 ++-
 src/pam_oddjob_mkhomedir.8.in | 5 +++--
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/mkhomedir.c b/src/mkhomedir.c
index 1c0d8e4..be85959 100644
--- a/src/mkhomedir.c
+++ b/src/mkhomedir.c
@@ -264,12 +264,13 @@ mkhomedir(const char *user, int flags)
 }
 static mode_t
-get_umask(int *configured)
+get_umask(int *configured, const char *variable)
 {
 FILE *fp;
 char buf[BUFSIZ], *p, *end;
 mode_t mask = umask(0777);
 long tmp;
+ size_t vlen = strlen(variable);
 fp = fopen("/etc/login.defs", "r");
 if (fp != NULL) {
@@ -279,10 +280,10 @@ get_umask(int *configured)
 }
 buf[strcspn(buf, "\r\n")] = '\0';
 p = buf + strspn(buf, " \t");
- if (strncmp(p, "UMASK", 5) != 0) {
+ if (strncmp(p, variable, vlen) != 0) {
 continue;
 }
- p += 5;
+ p += vlen;
 if (strspn(p, " \t") == 0) {
 continue;
 }
@@ -308,7 +309,11 @@ main(int argc, char **argv)
 int i, configured_umask = 0, flags = FLAG_POPULATE;
 openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
- override_umask = get_umask(&configured_umask);
+ /* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
+ override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
+ if (configured_umask == 0) {
+ override_umask = get_umask(&configured_umask, "UMASK");
+ }
 umask(override_umask);
 skel_dir = "/etc/skel";
diff --git a/src/oddjobd-mkhomedir.conf.5.in b/src/oddjobd-mkhomedir.conf.5.in
index b0cd934..d7a2429 100644
--- a/src/oddjobd-mkhomedir.conf.5.in
+++ b/src/oddjobd-mkhomedir.conf.5.in
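Review bot: get_umask() has no comment at its definition saying that it now returns the raw value of whichever login.defs variable is named, which for HOME_MODE is a file mode and not a mask; a caller that forgets the inversion would apply the wrong permission bits to new home directories. I would add above the signature `/* Return the value of 'variable' from /etc/login.defs as parsed; HOME_MODE is a mode, so the caller must invert it before using it as a umask. */`. The new `strlen(variable)` also assumes a non-NULL argument, which holds for the two literal callers in main() but is worth stating in that comment. The body of get_umask() continues past the end of this hunk.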
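Review bot: Calling get_umask() twice in main() looks unsafe when neither variable is set, because each call starts with `mode_t mask = umask(0777);` (first hunk), which replaces the process umask as a side effect. Unless the part of get_umask() outside these hunks restores it, and assuming `mask` is what it returns when the variable is absent, the fallback call for "UMASK" would pick up 0777 as its default and `umask(override_umask)` would then create the home directory and skeleton copies with no permission bits at all. Restoring the value right after reading it, with `umask(mask);` following the declarations in get_umask(), would let the second call see the original mask. The new comment would also read more clearly as `/* HOME_MODE is a file mode, not a mask, so invert it */`, since "reverted" suggests undoing something.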
@@ -24,7 +24,8 @@ Override the location of the skeleton directory (by default: \fI/etc/skel\fR). -u Specify a umask whose bits are masked off of contents of the skeleton directory while they are copied to the user's new home directory. The default is read -from \fB/etc/login.defs\fR. +from \fB/etc/login.defs\fR by taking \fBHOME_MODE\fR and \fBUMASK\fR values, in +this order. First found value persists. .SH SEE ALSO \fBoddjob.conf\fR(5) diff --git a/src/pam_oddjob_mkhomedir.8.in b/src/pam_oddjob_mkhomedir.8.in index 3793764..2fb16bc 100644 --- a/src/pam_oddjob_mkhomedir.8.in +++ b/src/pam_oddjob_mkhomedir.8.in @@ -14,8 +14,9 @@ if the module is running with superuser privileges. Otherwise, it invokes the \fImkmyhomedir\fR method. The location of the skeleton directory and the default umask are determined by -the configuration for the corresponding service in \fBoddjobd-mkhomedir.conf\fR, -so they can not be specified as arguments to this module. +the values of \fBHOME_MODE\fR or \fBUMASK\fR (as a fallback) variables in +\fI/etc/login.defs\fR, so they can not be specified as arguments to this +module. If \fID-Bus\fR has not been configured to allow the calling application to invoke these methods provided as part of the \fI@NAMESPACE@.oddjob_mkhomedir\fR -- 2.28.0