From c69c86cfdd337c3d54ec87630eba5e106ce13ece Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 16 Mar 2013 22:54:05 +0100
Subject: [PATCH] simplified umask

---
 src/ocserv-args.def | 1 +
 src/sec-mod.c       | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index fa6f6931..0de34aed 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -204,6 +204,7 @@ use-utmp = true
 pid-file = /var/run/ocserv.pid
 
 # socket file used for IPC, will be appended with .PID
+# It must be accessible within the chroot environment (if any)
 socket-file = /var/run/ocserv-socket
 
 # The user the worker processes will be run as.
diff --git a/src/sec-mod.c b/src/sec-mod.c
index 506fb401..dbf4092f 100644
--- a/src/sec-mod.c
+++ b/src/sec-mod.c
@@ -162,7 +162,6 @@ gnutls_datum_t data, out;
 uint16_t length;
 struct iovec iov[2];
 int sd;
-int mask;
 
 	signal(SIGHUP, SIG_IGN);
 	signal(SIGINT, SIG_DFL);
@@ -194,14 +193,13 @@ int mask;
 		exit(1);
 	}
 	
-	mask = umask(066);
+	umask(066);
 	ret = bind(sd, (struct sockaddr *)&sa, SUN_LEN(&sa));
 	if (ret == -1) {
 		e = errno;
 		syslog(LOG_ERR, "could not bind socket '%s': %s", socket_file, strerror(e));
 		exit(1);
 	}
-	umask(mask);
 
 	ret = chown(socket_file, config->uid, config->gid);
 	if (ret == -1) {