[network-manager-openvpn: 11/25] properties: fix permissions of imported certificates to be user-readable only



commit c8a3c83bba946e0512d5e2f785675ca26250f8e3
Author: Thomas Haller <thaller redhat com>
Date:   Wed Feb 3 18:08:05 2016 +0100

    properties: fix permissions of imported certificates to be user-readable only

 properties/import-export.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index bdf0c3e..cc1f54c 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -633,6 +633,8 @@ inline_blob_mkdir_parents (const InlineBlobData *data, const char *filepath, cha
 static gboolean
 inline_blob_write_out (const InlineBlobData *data, GError **error)
 {
+       mode_t saved_umask;
+
        if (!_nmovpn_test_temp_path) {
                gs_free char *err_msg = NULL;
 
@@ -649,6 +651,8 @@ inline_blob_write_out (const InlineBlobData *data, GError **error)
                }
        }
 
+       saved_umask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+
        /* The file is written with the default umask. Whether that is safe enough
         * to protect (potentally) private data or allows the openvpn service to
         * access the file later on is left as exercise for the user. */
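Review bot: The context comment directly below the new `umask ()` call still says the file is written with the default umask, which is no longer true once this line runs; it should be reworded, for example `/* Write the file with group/other read and write masked out, so the imported key material is readable by the user only. */`. Note also that umask() is process-wide state: any file another thread creates between this call and the restore inherits the restricted mask, and a concurrent umask change elsewhere would be overwritten by the restore. Setting the mode on the file itself (creating it with mode 0600, or an explicit chmod after the write) would avoid touching global state. The write call lies outside the hunk, so whether an already existing file at `data->path` keeps its previous, wider mode cannot be judged from here and is worth checking.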
@@ -660,9 +664,11 @@ inline_blob_write_out (const InlineBlobData *data, GError **error)
                             data->token,
                             (long) data->token_start_line,
                             data->path);
+               umask (saved_umask);
                return FALSE;
        }
 
+       umask (saved_umask);
        return TRUE;
 }
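Review bot: The saved umask is restored separately on the failure path and on the success path, so any exit added later between the two has to remember to restore it as well. Restoring once, immediately after the write call, keeps the altered mask in force only for the write itself: store the call's result, run `umask (saved_umask);`, then test the result. The write call is in the part of the function that falls between the hunks, so the exact shape of that change depends on lines not shown here.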
 

