Only gate the st_uid fcache checks

2013-08-17 00:27:53 -05:00
parent a9bd3c6e50
commit 8feed14fd0
1 changed files with 59 additions and 54 deletions
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -396,10 +396,13 @@ fcc_open(krb5_context context,
 			      (flags | O_RDWR) == flags);
    krb5_error_code ret;
    const char *filename;
-    struct stat sb1, sb2, sb3;
+    struct stat sb1, sb2;
+#ifndef _WIN32
+    struct stat sb3;
+    size_t tries = 3;
+#endif
    int strict_checking;
    int fd;
-    size_t tries = 3;

    *fd_ret = -1;

@@ -412,21 +415,19 @@ fcc_open(krb5_context context,
 	(context->flags & KRB5_CTX_F_FCACHE_STRICT_CHECKING) != 0;

 again:
-    if (strict_checking) {
+    memset(&sb1, 0, sizeof(sb1));
    ret = lstat(filename, &sb1);
-	if (ret < 0) {
+    if (ret == 0) {
+	if (!S_ISREG(sb1.st_mode)) {
+	    krb5_set_error_message(context, EPERM,
+				   N_("Refuses to open symlinks for caches FILE:%s", ""), filename);
+	    return EPERM;
+	}
+    } else if (errno != ENOENT || !(flags & O_CREAT)) {
 	krb5_set_error_message(context, ret, N_("%s lstat(%s)", "file, error"),
 			       operation, filename);
 	return errno;
    }
-    }
-
-    if (!S_ISREG(sb1.st_mode)) {
-	krb5_set_error_message(context, EPERM
-			N_("Refuses to open symlinks for "
-			   "caches FILE:%s", ""), filename);
-	return EPERM;
-    }

    fd = open(filename, flags, mode);
    if(fd < 0) {
@@ -439,8 +440,6 @@ again:
    }
    rk_cloexec(fd);

-    if (strict_checking) {
-
    ret = fstat(fd, &sb2);
    if (ret < 0) {
 	krb5_clear_error_message(context);
@@ -454,8 +453,8 @@ again:
    }

 #ifndef _WIN32
-	/* All of the following could be #ifndef O_NOFOLLOW, FYI */
-	if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+    if (sb1.st_dev && sb1.st_ino &&
+	(sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)) {
 	/*
 	 * Perhaps we raced with a rename().  To complain about
 	 * symlinks in that case would cause unnecessary concern, so
@@ -483,7 +482,13 @@ again:
 	close(fd);
 	return EPERM;
    }
+
+    if (strict_checking) {
 #ifndef _WIN32
+	/*
+	 * XXX WIN32: Needs to have ACL checking code!
+	 * st_mode comes out as 100666, and st_uid is no use.
+	 */
 	/*
 	 * XXX Should probably add options to improve control over this
 	 * check.  We might want strict checking of everything except
@@ -908,7 +913,7 @@ cred_delete(krb5_context context,
    off_t new_cred_sz;
    struct stat sb1, sb2;
    int fd = -1;
-    size_t bytes;
+    ssize_t bytes;
    krb5_flags flags = 0;
    krb5_const_realm srealm = krb5_principal_get_realm(context, cred->server);