summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/os/kuserok.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c
index 356b98706..411c20fa5 100644
--- a/src/lib/krb5/os/kuserok.c
+++ b/src/lib/krb5/os/kuserok.c
@@ -40,6 +40,13 @@
#define MAX_USERNAME 65
+#if defined(__APPLE__) && defined(__MACH__)
+#include <hfs/hfs_mount.h> /* XXX */
+#define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID)
+#else
+#define FILE_OWNER_OK(UID) ((UID) == 0)
+#endif
+
/*
* Given a Kerberos principal "principal", and a local username "luser",
* determine whether user is authorized to login according to the
@@ -112,7 +119,7 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
free(princname);
return(FALSE);
}
- if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) {
+ if (sbuf.st_uid != pwd->pw_uid || !FILE_OWNER_OK(sbuf.st_uid)) {
fclose(fp);
free(princname);
return(FALSE);
generated by cgit (git 2.34.1) at 2026-03-18 21:47:18 +0000