From 88be1efdbeab0a5ae533a796234136d72815b965 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= Date: Wed, 23 Oct 2013 19:39:39 +0200 Subject: [PATCH] Proper umask usage. --- src/VfsNs.cpp | 12 ++++++++---- src/VfsNs.h | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/VfsNs.cpp b/src/VfsNs.cpp index e18af57..f79c10f 100644 --- a/src/VfsNs.cpp +++ b/src/VfsNs.cpp @@ -48,7 +48,7 @@ static gid_t getGid(const SecurityContext* ctx) { VfsCatalog::VfsCatalog(const std::string& host, const std::string& prefix, const std::string &allow, const std::string &deny, const std::string allowWrite, const std::string denyWrite) throw (DmException): Catalog(), - hostName_(host) + hostName_(host), umask_(022) { this->allowRegex = vfsCompileRegex("Allow", allow); this->denyRegex = vfsCompileRegex("Deny", deny); @@ -568,7 +568,7 @@ void VfsCatalog::create(const std::string& path, mode_t mode) throw (DmException if (code == ENOENT) { // Cleanup mode - mode = (mode & ~S_IFMT) | S_IFREG; + mode = (mode & ~S_IFMT & ~this->umask_) | S_IFREG; // Effective gid if (parent.stat.st_mode & S_ISGID) { @@ -606,10 +606,14 @@ void VfsCatalog::create(const std::string& path, mode_t mode) throw (DmException mode_t VfsCatalog::umask(mode_t mask) throw () { + mode_t prev; + if (vfsCheckPermissions("", S_IREAD)) vfsThrow(EACCES, "not enough permissions for '%s'", clientName.c_str()); - return ::umask(mask); + prev = this->umask_; + this->umask_ = mask; + return prev; } @@ -1127,7 +1131,7 @@ void VfsCatalog::makeDir(const std::string& path, mode_t mode) throw (DmExceptio lpath = getLocalPath(path); // Clean up unwanted bits, set bits - mode = (mode & ~S_IFMT) | S_IFDIR; + mode = (mode & ~S_IFMT & ~this->umask_) | S_IFDIR; // Effective gid if (parent.stat.st_mode & S_ISGID) { diff --git a/src/VfsNs.h b/src/VfsNs.h index ede8792..06e433a 100644 --- a/src/VfsNs.h +++ b/src/VfsNs.h @@ -127,6 +127,7 @@ namespace dmlite { const SecurityContext* secCtx_; std::string hostName_; std::string prefix_; + mode_t umask_; private: regex_t *allowRegex, *denyRegex, *allowWriteRegex, *denyWriteRegex; -- 1.8.2.3