clean-up and more paranoia

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6495 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/kf/kfd.c

@@ -210,13 +210,13 @@ proto (int sock, const char *service)
 	      krb5_get_err_text(context, status));
 
     status=krb5_read_message (context, &sock, &remotename);
-    if (status)
+    if (status) {
-       {syslog_and_die("krb5_read_message: %s",
+	syslog_and_die("krb5_read_message: %s",
 		       krb5_get_err_text(context, status));
     }
     status=krb5_read_message (context, &sock, &tk_file);
-    if (status)
+    if (status) {
-       {syslog_and_die("krb5_read_message: %s",
+	syslog_and_die("krb5_read_message: %s",
 		       krb5_get_err_text(context, status));
     }
 
@@ -236,29 +236,35 @@ proto (int sock, const char *service)
                            &packet,
                            &data,
                            NULL);
-    if (status)
+    if (status) {
-        {syslog_and_cont("krb5_rd_priv: %s",
+	syslog_and_cont("krb5_rd_priv: %s",
 			krb5_get_err_text(context, status));
 	goto out;
     }
 
     pwd = getpwnam ((char *)(remotename.data));
-    if (pwd == NULL)
+    if (pwd == NULL) {
-	{status=1;
+	status=1;
 	syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data));
 	goto out;
     }
 
     if(!krb5_kuserok (context,
                      ticket->client,
-                     (char *)(remotename.data)))
+                     (char *)(remotename.data))) {
-        {status=1;
+	status=1;
 	syslog_and_cont("krb5_kuserok: permission denied");
 	goto out;
     }
 
-    setgid(pwd->pw_gid);
+    if (setgid(pwd->pw_gid) < 0) {
-    setuid(pwd->pw_uid);
+	syslog_and_cont ("setgid: %s", strerror(errno));
+	goto out;
+    }
+    if (setuid(pwd->pw_uid) < 0) {
+	syslog_and_cont ("setuid: %s", strerror(errno));
+	goto out;
+    }
 
     if (tk_file.length != 1)
 	snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
@@ -266,22 +272,21 @@ proto (int sock, const char *service)
 	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u",pwd->pw_uid);
 
     status = krb5_cc_resolve (context, ccname, &ccache);
-    if (status)
+    if (status) {
-	{syslog_and_cont("krb5_cc_resolve: %s",
+	syslog_and_cont("krb5_cc_resolve: %s",
 			krb5_get_err_text(context, status));
         goto out;
     }
     status = krb5_cc_initialize (context, ccache, ticket->client);
-    if (status)
+    if (status) {
-        {syslog_and_cont("krb5_cc_initialize: %s",
+	syslog_and_cont("krb5_cc_initialize: %s",
 			krb5_get_err_text(context, status));
         goto out;
-
     }
     status = krb5_rd_cred (context, auth_context, ccache, &data);
     krb5_cc_close (context, ccache);
-    if (status)
+    if (status) {
-       {syslog_and_cont("krb5_cc_initialize: %s",
+	syslog_and_cont("krb5_cc_initialize: %s",
 			krb5_get_err_text(context, status));
         goto out;
 
@@ -290,11 +295,12 @@ proto (int sock, const char *service)
 		    name,
 		    (char *)(remotename.data),ccname);
 out:
-    if (status)
+    if (status) {
-      {strcpy(ret_string,"no");
+	strcpy(ret_string, "no");
 	syslog_and_cont("failed");
+    } else  {
+	strcpy(ret_string, "ok");
     }
-      else strcpy(ret_string,"ok");
 
     krb5_data_free (&tk_file);
     krb5_data_free (&remotename);
@@ -314,7 +320,8 @@ out:
 static int
 doit (int port, const char *service)
 {
-    if (do_inetd) mini_inetd(port);
+    if (do_inetd)
+	mini_inetd(port);
     return proto (STDIN_FILENO, service);
 }