From e98d2cedfb2819b7e5dd0da30db5ef34dce56961 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Jun 24 2014 18:46:19 +0000
Subject: Explicitly set umask in enrollment helpers


The enrollment helpers already inherit the umask of the daemon when
they're started, but also set them directly so that they behave the
same if they're invoked directly.

---

diff --git a/src/certmaster.c b/src/certmaster.c
index 0a96b78..4cb46eb 100644
--- a/src/certmaster.c
+++ b/src/certmaster.c
@@ -99,6 +99,8 @@ main(int argc, char **argv)
 		}
 	}
 
+	umask(S_IRWXG | S_IRWXO);
+
 	if (host == NULL) {
 		/* Okay, we have to figure out what the master name is.  Hope
 		 * the minion is configured. */
diff --git a/src/dogtag.c b/src/dogtag.c
index 684a465..700fe7f 100644
--- a/src/dogtag.c
+++ b/src/dogtag.c
@@ -18,7 +18,9 @@
 #include "config.h"
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -239,6 +241,8 @@ main(int argc, char **argv)
 		}
 	}
 
+	umask(S_IRWXG | S_IRWXO);
+
 	nctx = NSS_InitContext(CM_DEFAULT_CERT_STORAGE_LOCATION,
 			       NULL, NULL, NULL, NULL,
 			       NSS_INIT_NOCERTDB |
diff --git a/src/ipa.c b/src/ipa.c
index d22b8a9..87a5ca8 100644
--- a/src/ipa.c
+++ b/src/ipa.c
@@ -18,7 +18,9 @@
 #include "config.h"
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -178,6 +180,8 @@ main(int argc, char **argv)
 		}
 	}
 
+	umask(S_IRWXG | S_IRWXO);
+
 	/* Start backfilling defaults, both hard-coded and from the IPA
 	 * configuration. */
 	if (cainfo == NULL) {
diff --git a/src/local.c b/src/local.c
index fd65fa8..368dfb8 100644
--- a/src/local.c
+++ b/src/local.c
@@ -477,6 +477,9 @@ main(int argc, char **argv)
 			break;
 		}
 	}
+
+	umask(S_IRWXG | S_IRWXO);
+
 	cm_log_set_method(cm_log_stderr);
 	cm_log_set_level(verbose);