From c491b59007e426b4201ee617d045d03d9429670b Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Sun, 21 Mar 2010 11:01:24 -0700
Subject: [PATCH] pull out unix /dev/random if we cant get users home directory
---
 lib/hcrypto/rand-unix.c | 12 +++++++-----
 lib/hcrypto/rand.c | 16 +++++++++++-----
 lib/hcrypto/randi.h | 1 +
 3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/lib/hcrypto/rand-unix.c b/lib/hcrypto/rand-unix.c
index 4c1f33da5..63dc97fbf 100644
--- a/lib/hcrypto/rand-unix.c
+++ b/lib/hcrypto/rand-unix.c
@@ -46,8 +46,8 @@
 * Unix /dev/random
 */
-static int
-get_device_fd(int flags)
+int
+_hc_unix_device_fd(int flags, char **fn)
 {
 static const char *rnd_devices[] = {
 "/dev/urandom",
@@ -61,6 +61,8 @@ get_device_fd(int flags)
 for(p = rnd_devices; *p; p++) {
 int fd = open(*p, flags | O_NDELAY);
 if(fd >= 0) {
+ if (fn)
+ *fn = *p;
 rk_cloexec(fd);
 return fd;
 }
@@ -76,7 +78,7 @@ unix_seed(const void *indata, int size)
 if (size <= 0)
 return;
- fd = get_device_fd(O_WRONLY);
+ fd = _hc_unix_device_fd(O_WRONLY, NULL);
 if (fd < 0)
 return;
@@ -97,7 +99,7 @@ unix_bytes(unsigned char *outdata, int size)
 else if (size == 0)
 return 1;
- fd = get_device_fd(O_RDONLY);
+ fd = _hc_unix_device_fd(O_RDONLY, NULL);
 if (fd < 0)
 return 0;
@@ -139,7 +141,7 @@ unix_status(void)
 {
 int fd;
- fd = get_device_fd(O_RDONLY);
+ fd = _hc_unix_device_fd(O_RDONLY, NULL);
 if (fd < 0)
 return 0;
 close(fd);
diff --git a/lib/hcrypto/rand.c b/lib/hcrypto/rand.c
index 9f0438a34..53b0f314c 100644
--- a/lib/hcrypto/rand.c
+++ b/lib/hcrypto/rand.c
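Review bot: In lib/hcrypto/rand-unix.c the new out-parameter of `_hc_unix_device_fd` is declared `char **fn`, but the second hunk stores `*p` into it while `p` iterates over `rnd_devices`, which the first hunk shows as an array of `const char *`; the assignment `*fn = *p;` therefore discards the qualifier and gives callers a writable pointer to a string literal. Declaring the function as `_hc_unix_device_fd(int flags, const char **fn)`, with the matching prototype in randi.h, would let RAND_file_name keep `const char *e` instead of dropping the const. A short comment above the function saying that `*fn` is written only when a device was opened, and that it points at static storage the caller must not modify or free, would make the contract explicit. The function body starts before the second hunk and continues past it.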
@@ -342,23 +342,29 @@ RAND_write_file(const char *filename)
 const char *
 RAND_file_name(char *filename, size_t size)
 {
- const char *e = NULL;
+ char *e = NULL;
 int pathp = 0, ret;
 if (!issuid()) {
 e = getenv("RANDFILE");
- if (e == NULL) {
+ if (e == NULL)
 e = getenv("HOME");
- if (e)
- pathp = 1;
- }
 }
 /*
 * Here we really want to call getpwuid(getuid()) but this will
 * cause recursive lookups if the nss library uses
 * gssapi/krb5/hcrypto to authenticate to the ldap servers.
+ *
+ * So at least return the unix /dev/random if we have one
 */
+ if (e == NULL) {
+ int fd;
+
+ fd = _hc_unix_device_fd(O_RDONLY, &e);
+ if (fd >= 0)
+ close(fd);
+ }
 if (e == NULL)
 return NULL;
diff --git a/lib/hcrypto/randi.h b/lib/hcrypto/randi.h
index c6c617af2..a6d921413 100644
--- a/lib/hcrypto/randi.h
+++ b/lib/hcrypto/randi.h
@@ -45,5 +45,6 @@ extern const RAND_METHOD hc_rand_timer_method;
 extern const RAND_METHOD hc_rand_w32crypto_method;
 const RAND_METHOD * RAND_timer_method(void);
+int _hc_unix_device_fd(int, char **);
 #endif /* _HEIM_RANDI_H */
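Review bot: The rewritten HOME lookup in RAND_file_name, `if (e == NULL) e = getenv("HOME");`, no longer sets `pathp = 1`, yet `int pathp = 0, ret;` is kept, so nothing in this hunk can make `pathp` non-zero any more. If the code after the hunk still uses `pathp` to decide whether a file name is appended to `e` (not visible here), the HOME case would now return the home directory itself as the seed-file path instead of a file inside it. Restoring the removed `if (e) pathp = 1;` under the HOME lookup, with the braces it needs, keeps the old result and still lets `e == NULL` fall through to the new device lookup. RAND_file_name continues past the end of the hunk.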
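Review bot: The prototype `int _hc_unix_device_fd(int, char **);` is added to randi.h unconditionally, and the rand.c hunk calls it unconditionally, although the same header declares `hc_rand_w32crypto_method` and so appears to be shared with non-Unix builds. If rand-unix.c is not compiled on those platforms (not visible here), the call in RAND_file_name would fail to link; confirm this, or guard both the prototype and the call with the platform macro the project already uses. The declaration would also read better with parameter names and a one-line comment, for example `int _hc_unix_device_fd(int flags, char **fn); /* open fd, or negative if no device; *fn set on success */`.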