diff options
Diffstat (limited to 'src/environ.c')
-rw-r--r-- | src/environ.c | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/src/environ.c b/src/environ.c index 8fefb8e..7b8a54b 100644 --- a/src/environ.c +++ b/src/environ.c @@ -243,18 +243,44 @@ static void mag_set_name_attributes(request_rec *req, struct mag_conn *mc) } } -static void mag_set_KRB5CCNAME(request_rec *req, const char *dir, +static void mag_set_KRB5CCNAME(request_rec *req, struct mag_config *cfg, const char *ccname) { apr_status_t status; - apr_finfo_t finfo; + apr_int32_t wanted = APR_FINFO_MIN | APR_FINFO_OWNER | APR_FINFO_PROT; + apr_finfo_t finfo = { 0 }; char *path; char *value; - path = apr_psprintf(req->pool, "%s/%s", dir, ccname); - - status = apr_stat(&finfo, path, APR_FINFO_MIN, req->pool); - if (status != APR_SUCCESS && status != APR_INCOMPLETE) { + path = apr_psprintf(req->pool, "%s/%s", cfg->deleg_ccache_dir, ccname); + + status = apr_stat(&finfo, path, wanted, req->pool); + if (status == APR_SUCCESS) { + if ((cfg->deleg_ccache_mode != 0) && + (finfo.protection != cfg->deleg_ccache_mode)) { + status = apr_file_perms_set(path, cfg->deleg_ccache_mode); + if (status != APR_SUCCESS) + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, + "failed to set perms (%o) on file (%s)!", + cfg->deleg_ccache_mode, path); + } + if ((cfg->deleg_ccache_uid != 0) && + (finfo.user != cfg->deleg_ccache_uid)) { + status = lchown(path, cfg->deleg_ccache_uid, -1); + if (status != 0) + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, + "failed to set user (%u) on file (%s)!", + cfg->deleg_ccache_uid, path); + } + if ((cfg->deleg_ccache_gid != 0) && + (finfo.group != cfg->deleg_ccache_gid)) { + status = lchown(path, -1, cfg->deleg_ccache_gid); + if (status != 0) + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, + "failed to set group (%u) on file (%s)!", + cfg->deleg_ccache_gid, path); + } + } else { /* set the file cache anyway, but warn */ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, "KRB5CCNAME file (%s) lookup failed!", path); @@ -282,7 +308,7 @@ void mag_set_req_data(request_rec *req, #ifdef HAVE_CRED_STORE if (cfg->deleg_ccache_dir && mc->delegated && mc->ccname) { - mag_set_KRB5CCNAME(req, cfg->deleg_ccache_dir, mc->ccname); + mag_set_KRB5CCNAME(req, cfg, mc->ccname); } #endif } |