In krb5_def_store_mkey(), mktemp was being invoked with a string WRFILE:....

This returns an error - as it actually tries to open the file.
Move some of the logic that points to the actual filename earlier - so
mktemp works on the .... portion.

Note that the netbsd linker gives a warning on using mktemp as it may be
insecure - but there is no obvious way to avoid it.

ticket: new
subhect: netbsd mktemp actually tries to open file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20896 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 8 insertions, 9 deletions

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index b792b3846a..d6f724ce0a 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -184,7 +184,14 @@ krb5_def_store_mkey(krb5_context   context,
         goto out;
     }
 
-    if (mktemp(tmp_ktname) == NULL) {
+    /*
+     * Set tmp_ktpath to point to the keyfile path (skip WRFILE:).  Subtracting
+     * 1 to account for NULL terminator in sizeof calculation of a string
+     * constant.  Used further down.
+     */
+    tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1);
+
+    if (mktemp(tmp_ktpath) == NULL) {
         retval = errno;
         krb5_set_error_message (context, retval,
             "Could not create temp stash file: %s",
@@ -202,15 +209,7 @@ krb5_def_store_mkey(krb5_context   context,
     new_entry.principal = mname;
     new_entry.key = *key;
     new_entry.vno = kvno;
-#endif /* LEAN_CLIENT */
-    /*
-     * Set tmp_ktpath to point to the keyfile path (skip WRFILE:).  Subtracting
-     * 1 to account for NULL terminator in sizeof calculation of a string
-     * constant.  Used further down.
-     */
-    tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1);
 
-#ifndef LEAN_CLIENT 
     retval = krb5_kt_add_entry(context, kt, &new_entry);
     if (retval != 0) {
         /* delete tmp keyfile if it exists and an error occurrs */