1 files changed, 50 insertions, 56 deletions

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index c43eb36..096f6cf 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -185,72 +185,66 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
 		perror("scandir looking for krb5 credentials caches");
 	}
 	else if (n > 0) {
-		char substring[128];
-		char fullstring[128];
 		char statname[1024];
-		snprintf(substring, sizeof(substring), "_%d_", uid);
-		snprintf(fullstring, sizeof(fullstring), "_%d", uid);
 		for (i = 0; i < n; i++) {
 			printerr(3, "CC file '%s' being considered\n",
 				 namelist[i]->d_name);
-			if (strstr(namelist[i]->d_name, substring) ||
-			    !strcmp(namelist[i]->d_name, fullstring)) {
-				snprintf(statname, sizeof(statname),
-					 "%s/%s", ccachedir,
-					 namelist[i]->d_name);
-				if (stat(statname, &tmp_stat)) {
-					printerr(0, "Error doing stat "
-						    "on file '%s'\n",
-						 statname);
-					continue;
-				}
-				if (!S_ISREG(tmp_stat.st_mode)) {
-					printerr(3, "File '%s' is not "
-						    "a regular file\n",
-						 statname);
-					continue;
-				}
-				printerr(3, "CC file '%s' matches "
-					    "name check and has "
-					    "mtime of %u\n",
-					 namelist[i]->d_name,
-					 tmp_stat.st_mtime);
-				/* if more than one match is found,
-				 * return the most recent (the one
-				 * with the latest mtime),
-				 * and don't free the dirent */
-				if (!found) {
+			snprintf(statname, sizeof(statname),
+				 "%s/%s", ccachedir, namelist[i]->d_name);
+			if (stat(statname, &tmp_stat)) {
+				printerr(0, "Error doing stat on file '%s'\n",
+					 statname);
+				free(namelist[i]);
+				continue;
+			}
+			/* Only pick caches owned by the user (uid) */
+			if (tmp_stat.st_uid != uid) {
+				printerr(3, "'%s' owned by %u, not %u\n",
+					 statname, tmp_stat.st_uid, uid);
+				free(namelist[i]);
+				continue;
+			}
+			if (!S_ISREG(tmp_stat.st_mode)) {
+				printerr(3, "'%s' is not a regular file\n",
+					 statname);
+				free(namelist[i]);
+				continue;
+			}
+			printerr(3, "CC file '%s' matches owner check and has "
+				 "mtime of %u\n",
+				 namelist[i]->d_name, tmp_stat.st_mtime);
+			/*
+			 * if more than one match is found, return the most
+			 * recent (the one with the latest mtime), and
+			 * don't free the dirent
+			 */
+			if (!found) {
+				best_match_dir = namelist[i];
+				best_match_stat = tmp_stat;
+				found++;
+			}
+			else {
+				/*
+				 * If the current match has an mtime later
+				 * than the one we are looking at, then use
+				 * the current match.  Otherwise, we still
+				 * have the best match.
+				 */
+				if (tmp_stat.st_mtime >
+					    best_match_stat.st_mtime) {
+					free(best_match_dir);
 					best_match_dir = namelist[i];
 					best_match_stat = tmp_stat;
-					found++;
 				}
 				else {
-					/*
-					 * If the current match has
-					 * an mtime later than the
-					 * one we are looking at,
-					 * then use the current match.
-					 * Otherwise, we still have
-					 * the best match.
-					 */
-					if (tmp_stat.st_mtime >
-						    best_match_stat.st_mtime) {
-						free(best_match_dir);
-						best_match_dir = namelist[i];
-						best_match_stat = tmp_stat;
-					}
-					else {
-						free(namelist[i]);
-					}
-					printerr(3, "CC file '%s' is our "
-						    "current best match "
-						    "with mtime of %u\n",
-						 best_match_dir->d_name,
-						 best_match_stat.st_mtime);
+					free(namelist[i]);
 				}
+				printerr(3, "CC file '%s' is our "
+					    "current best match "
+					    "with mtime of %u\n",
+					 best_match_dir->d_name,
+					 best_match_stat.st_mtime);
 			}
-			else
-				free(namelist[i]);
 		}
 		free(namelist);
 	}