From: Greg Hudson Date: Tue, 17 Feb 2009 17:09:35 +0000 (+0000) Subject: In krb5_kuserok, just try opening .k5login; don't check ahead of time X-Git-Tag: krb5-1.8-alpha1~628 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5f5f67e0abfe38d88c7235b4e0cc0d0b4fe7bbfb;p=krb5.git In krb5_kuserok, just try opening .k5login; don't check ahead of time whether it looks accessible. Also rewrite the construction of the .k5login filename to use snprintf instead of strnpy/strncat. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22010 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c index 719faaebe..489b24791 100644 --- a/src/lib/krb5/os/kuserok.c +++ b/src/lib/krb5/os/kuserok.c @@ -79,22 +79,24 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) char linebuf[BUFSIZ]; char *newline; int gobble; - - /* no account => no access */ char pwbuf[BUFSIZ]; struct passwd pwx; + int result; + + /* no account => no access */ if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) return(FALSE); - (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); - pbuf[sizeof(pbuf) - 1] = '\0'; - (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf)); + result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir); + if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) + return(FALSE); - if (access(pbuf, F_OK)) { /* not accessible */ + fp = fopen(pbuf, "r"); + if (!fp) { /* - * if he's trying to log in as himself, and there is no .k5login file, - * let him. To find out, call + * If he's trying to log in as himself, and there is no + * readable .k5login file, let him. To find out, call * krb5_aname_to_localname to convert the principal to a name - * which we can string compare. + * which we can string compare. */ if (!(krb5_aname_to_localname(context, principal, sizeof(kuser), kuser))
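Review bot: The new `if (!fp)` test sends every fopen() failure down the "no .k5login, allow the user's own principal" path, so a .k5login that exists but cannot be opened (permissions, a symlink loop, descriptor exhaustion) is now treated like a missing one; under the removed `access(pbuf, F_OK)` test an existing but unreadable file did not reach this branch. Because .k5login is an authorization list, failing closed on anything other than a missing file would be safer, for example `if (!fp && errno != ENOENT) return(FALSE);` placed just before the `if (!fp) {` fallback. That assumes `<errno.h>` is already included in kuserok.c, which the hunk does not show. The body of krb5_kuserok starts and ends outside this hunk, so how the old code handled a later open failure is not visible here.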