From 92f9bb5bcc6065e0b1426eaa5385ce4bb1c6e2b6 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Sat, 10 Jun 2006 00:00:19 +0000 Subject: [PATCH] Use new macro FILE_OWNER_OK to examine uid of .k5login file. On Mac, define this to accept UNKNOWNUID as well as 0. ticket: 3233 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18103 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/os/kuserok.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c index 356b98706..411c20fa5 100644 --- a/src/lib/krb5/os/kuserok.c +++ b/src/lib/krb5/os/kuserok.c @@ -40,6 +40,13 @@ #define MAX_USERNAME 65 +#if defined(__APPLE__) && defined(__MACH__) +#include /* XXX */ +#define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID) +#else +#define FILE_OWNER_OK(UID) ((UID) == 0) +#endif + /* * Given a Kerberos principal "principal", and a local username "luser", * determine whether user is authorized to login according to the @@ -112,7 +119,7 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) free(princname); return(FALSE); } - if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) { + if (sbuf.st_uid != pwd->pw_uid || !FILE_OWNER_OK(sbuf.st_uid)) { fclose(fp); free(princname); return(FALSE); -- 2.26.2