Revert "tls: Set umask before creating temporary file"
author Alan T. DeKok <aland@freeradius.org>
Thu, 11 Sep 2014 19:11:31 +0000 (15:11 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Thu, 11 Sep 2014 19:11:31 +0000 (15:11 -0400)
This reverts commit 1fc1558e7ac11102a4bc479a57de76c4f4f42c46.

There are a few issues with this change.

1) verify_tmp_dir is created 0700 *before* mkstemp() is called
   So the umask for the temporary file doesn't matter

2) the server is threaded, and umask() is *global* to the process
   So there is no "before" mkstemp() and "after" mkstemp().

The Coverity warning is (in this case) a false positive.

src/main/tls.c

index ec11b29..b83c528 100644 (file)
@@ -1891,15 +1891,12 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 
                while (conf->verify_client_cert_cmd) {
                        char filename[256];
-                       mode_t orig_umask;
                        int fd;
                        FILE *fp;
 
                        snprintf(filename, sizeof(filename), "%s/%s.client.XXXXXXXX",
                                 conf->verify_tmp_dir, progname);
-                       orig_umask = umask(S_IRWXG | S_IRWXO);
                        fd = mkstemp(filename);
-                       umask(orig_umask);
                        if (fd < 0) {
                                RDEBUG("Failed creating file in %s: %s",
                                       conf->verify_tmp_dir, fr_syserror(errno));
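Review bot: the bare `fd = mkstemp(filename);` is left with no comment saying why no umask is set around it, so the same Coverity warning that prompted the reverted commit can be raised again and "fixed" the same way. Record the reasoning from the commit message at the call site: a short comment above mkstemp() stating that verify_tmp_dir is created 0700 and that umask() is process-global, so it cannot be toggled safely in a threaded server. If an explicit permission guarantee on the file itself is still wanted, `fchmod(fd, S_IRUSR | S_IWUSR)` placed after the `fd < 0` check acts on this descriptor only and does not touch process-wide state.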