Revert the fopen part of the previous krb5_kuserok change, but keep
authorGreg Hudson <ghudson@mit.edu>
Tue, 17 Feb 2009 17:32:19 +0000 (17:32 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 17 Feb 2009 17:32:19 +0000 (17:32 +0000)
the string-handling change.  It introduced an unwanted behavior change
when .k5login was detectable but unreadable.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22011 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/os/kuserok.c

index 489b24791ef5ae2e41992343ba89b87dab66253b..f76010dc9b92b1514592f8e6d62917c7d96ade0d 100644 (file)
@@ -90,13 +90,12 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
     if (SNPRINTF_OVERFLOW(result, sizeof(pbuf)))
        return(FALSE);
 
-    fp = fopen(pbuf, "r");
-    if (!fp) {
+    if (access(pbuf, F_OK)) {   /* not accessible */
        /*
-        * If he's trying to log in as himself, and there is no
-        * readable .k5login file, let him.  To find out, call
+        * if he's trying to log in as himself, and there is no .k5login file,
+        * let him.  To find out, call
         * krb5_aname_to_localname to convert the principal to a name
-        * which we can string compare.
+        * which we can string compare. 
         */
        if (!(krb5_aname_to_localname(context, principal,
                                      sizeof(kuser), kuser))
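Review bot: The added `access(pbuf, F_OK)` test treats every failure as "no .k5login file", so an error other than ENOENT (for example EACCES on an unsearchable home directory, or ELOOP) also reaches the branch that lets the principal log in as itself. If that fail-open is not intended, reject those cases first with `if (access(pbuf, F_OK) != 0 && errno != ENOENT) return(FALSE);` ahead of the existing test; this assumes `<errno.h>` is included, which the hunk does not show. The `/* not accessible */` comment is also misleading, because F_OK checks existence only and access() evaluates with the real rather than the effective UID; `/* .k5login missing or path lookup failed */` would match the code. The existence check and the later open of the same path (presumably the restored fopen, outside this hunk) are separate lookups, so the file can change between them, and a comment should say that the later open is the authoritative check. The body of krb5_kuserok starts and ends outside the hunk.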