oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5_kuserok() only does the local principal test on Windows

Browse Source 
Remove the other tests for now.  The file and directory access checks must be
made against the respective DACLs.
This commit is contained in:
Asanka Herath
2010-03-02 03:25:05 -05:00
parent f54630328b
commit 154de6b3a3
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/krb5/kuserok.c
View File

@@ -34,6 +34,8 @@
#include "krb5_locl.h"
#include <dirent.h>
#ifndef _WIN32
/* see if principal is mentioned in the filename access file, return
TRUE (in result) if so, FALSE otherwise */
@@ -65,7 +67,6 @@ check_one_file(krb5_context context,
fclose (f);
return EISDIR;
}
#ifndef _WIN32
if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
fclose (f);
return EACCES;
@@ -74,7 +75,6 @@ check_one_file(krb5_context context,
fclose (f);
return EACCES;
}
#endif
while (fgets (buf, sizeof(buf), f) != NULL) {
krb5_principal tmp;
@@ -126,12 +126,10 @@ check_directory(krb5_context context,
if (!S_ISDIR(st.st_mode))
return ENOTDIR;
#ifndef _WIN32
if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
return EACCES;
if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
return EACCES;
#endif
if((d = opendir(dirname)) == NULL)
return errno;
@@ -167,6 +165,8 @@ check_directory(krb5_context context,
return ret;
}
#endif /* !_WIN32 */
static krb5_boolean
match_local_principals(krb5_context context,
krb5_principal principal,