Diffstat (limited to 'src/lib/krb5/os/kuserok.c')
-rw-r--r-- | src/lib/krb5/os/kuserok.c | 83 |
1 files changed, 42 insertions, 41 deletions
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c index f76010dc9..1bc7505da 100644 --- a/src/lib/krb5/os/kuserok.c +++ b/src/lib/krb5/os/kuserok.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/os/kuserok.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,13 +23,13 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * krb5_kuserok() */ #include "k5-int.h" -#if !defined(_WIN32) /* Not yet for Windows */ +#if !defined(_WIN32) /* Not yet for Windows */ #include <stdio.h> #include <pwd.h> @@ -41,7 +42,7 @@ #define MAX_USERNAME 65 #if defined(__APPLE__) && defined(__MACH__) -#include <hfs/hfs_mount.h> /* XXX */ +#include <hfs/hfs_mount.h> /* XXX */ #define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID) #else #define FILE_OWNER_OK(UID) ((UID) == 0) 
@@ -85,31 +86,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) /* no account => no access */ if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) - return(FALSE); + return(FALSE); result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir); if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) - return(FALSE); + return(FALSE); - if (access(pbuf, F_OK)) { /* not accessible */ - /* - * if he's trying to log in as himself, and there is no .k5login file, - * let him. To find out, call - * krb5_aname_to_localname to convert the principal to a name - * which we can string compare. - */ - if (!(krb5_aname_to_localname(context, principal, - sizeof(kuser), kuser)) - && (strcmp(kuser, luser) == 0)) { - return(TRUE); - } + if (access(pbuf, F_OK)) { /* not accessible */ + /* + * if he's trying to log in as himself, and there is no .k5login file, + * let him. To find out, call + * krb5_aname_to_localname to convert the principal to a name + * which we can string compare. + */ + if (!(krb5_aname_to_localname(context, principal, + sizeof(kuser), kuser)) + && (strcmp(kuser, luser) == 0)) { + return(TRUE); + } } if (krb5_unparse_name(context, principal, &princname)) - return(FALSE); /* no hope of matching */ + return(FALSE); /* no hope of matching */ /* open ~/.k5login */ if ((fp = fopen(pbuf, "r")) == NULL) { - free(princname); - return(FALSE); + free(princname); + return(FALSE); } set_cloexec_file(fp); /* 
@@ -117,31 +118,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) * the user himself, or by root. Otherwise, don't grant access. */ if (fstat(fileno(fp), &sbuf)) { - fclose(fp); - free(princname); - return(FALSE); + fclose(fp); + free(princname); + return(FALSE); } if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) { - fclose(fp); - free(princname); - return(FALSE); + fclose(fp); + free(princname); + return(FALSE); } /* check each line */ while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) { - /* null-terminate the input string */ - linebuf[BUFSIZ-1] = '\0'; - newline = NULL; - /* nuke the newline if it exists */ - if ((newline = strchr(linebuf, '\n'))) - *newline = '\0'; - if (!strcmp(linebuf, princname)) { - isok = TRUE; - continue; - } - /* clean up the rest of the line if necessary */ - if (!newline) - while (((gobble = getc(fp)) != EOF) && gobble != '\n'); + /* null-terminate the input string */ + linebuf[BUFSIZ-1] = '\0'; + newline = NULL; + /* nuke the newline if it exists */ + if ((newline = strchr(linebuf, '\n'))) + *newline = '\0'; + if (!strcmp(linebuf, princname)) { + isok = TRUE; + continue; + } + /* clean up the rest of the line if necessary */ + if (!newline) + while (((gobble = getc(fp)) != EOF) && gobble != '\n'); } free(princname); fclose(fp); @@ -166,7 +167,7 @@ krb5_kuserok(context, principal, luser) return FALSE; if (strcmp(kuser, luser) == 0) - return TRUE; + return TRUE; return FALSE; } |