From 154de6b3a33ee85dfe30bd25af08cc73c21e1636 Mon Sep 17 00:00:00 2001
From: Asanka Herath <asanka@secure-endpoints.com>
Date: Tue, 2 Mar 2010 03:25:05 -0500
Subject: [PATCH] krb5_kuserok() only does the local principal test on Windows

Remove the other tests for now.  The file and directory access checks must be
made against the respective DACLs.
---
 lib/krb5/kuserok.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/kuserok.c b/lib/krb5/kuserok.c
index 4cc9be203..2129100b9 100644
--- a/lib/krb5/kuserok.c
+++ b/lib/krb5/kuserok.c
@@ -34,6 +34,8 @@
 #include "krb5_locl.h"
 #include <dirent.h>
 
+#ifndef _WIN32
+
 /* see if principal is mentioned in the filename access file, return
    TRUE (in result) if so, FALSE otherwise */
 
@@ -65,7 +67,6 @@ check_one_file(krb5_context context,
 	fclose (f);
 	return EISDIR;
     }
-#ifndef _WIN32
     if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
 	fclose (f);
 	return EACCES;
@@ -74,7 +75,6 @@ check_one_file(krb5_context context,
 	fclose (f);
 	return EACCES;
     }
-#endif
 
     while (fgets (buf, sizeof(buf), f) != NULL) {
 	krb5_principal tmp;
@@ -126,12 +126,10 @@ check_directory(krb5_context context,
     if (!S_ISDIR(st.st_mode))
 	return ENOTDIR;
 
-#ifndef _WIN32
     if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
 	return EACCES;
     if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
 	return EACCES;
-#endif
 
     if((d = opendir(dirname)) == NULL)
 	return errno;
@@ -167,6 +165,8 @@ check_directory(krb5_context context,
     return ret;
 }
 
+#endif  /* !_WIN32 */
+
 static krb5_boolean
 match_local_principals(krb5_context context,
 		       krb5_principal principal,