- use O_NOFOLLOW
- be more strict not to follow symlinks
- require cache files to be owned by the user
- have sane permissions (not group/other readable)
As kerberos(8) provides a brief outline of this network authentication
system I would suggest extending SEE ALSO to include a few section 8
commands. I have excluded kadmind(8) and kpasswdd(8) as these servers
can be easily reachable from kadmin(8) and kpasswd(8) manual pages
respectively.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
There is no fchmod() implementation on Windows. For now prevent its
use on Windows with #ifndef _WIN32 but in the future set_default_cache()
should be updated to set ownership permissions for the cache file.
Change-Id: I57214dfecbd25d7b337a568fa5e522c0a22dbb76
The Windows version of mkdir() does not share the same signature
as the POSIX version. Add rk_mkdir() with an POSIX compliant signature
to libroken. The current implementation ignores the 'mode' parameter
on Windows but a future implementation could provide the required
functionality with native Win32 APIs.
Change-Id: I084d42e0f27932e9b8131d310dbf34849f5fe4b6
POSIX mkdir (unlike the Windows version) takes a 'mode_t' parameter.
Provide definitions for the mode_t constants.
Change-Id: Ie57e746aa3e579e28f93064ab430f1128508cc84
Windows has neither O_NONBLOCK nor FIOBIO and sockets aren't file
descriptors in any case. Avoid warning that 'flags' is unused in
socket_set_nonblocking().
Change-Id: I431cfae3a88577e75b5230f645639b5a17832f5c
Instead of locally defining prototypes for private functions
_krb5_crc_update and _krb5_crc_init_table simply include
krb5-private.h.
Change-Id: Ia7931f8df2e68eb038d112797edfd456ffcdd23a
If the registry type is NONE and the string is all numeric or
if the type is DWORD, the string is converted to a DWORD and then
stored into the registry as a REG_DWORD using RegSetValueEx().
The input parameter should be a pointer to the DWORD variable not
its value.
Change-Id: I9ff12121c6c17eb5afb2ea89adf8bb9cc6aa3a89
Everywhere that roken is used supports limits.h. The behavior of
roken should not depend on whether or not the including application
includes limits.h before or after roken.h. Include limits.h in
roken.h and be done with it.
Change-Id: Id0be5487c791592dfe722ce880b8400bb16d05b1
unix_seed(), called by the add-seed-data op unix_add(), attempts to
write seed data to the random data device. If this fails, the failure
is ignored, as it must be, since there is no way to inform the caller.
This change modifies the way in which the return value from write(2)
is ignored, to avoid compiler warnings when building on Ubuntu 12.10,
with gcc 4.7.2 and eglibc 2.15-0ubuntu20.1.
If a program does not include limits.h (or includes it after roken.h),
it can end up with PATH_MAX defined to be MAX_PATH, but MAX_PATH
undefined. This causes consumers of PATH_MAX to become unhappy.
Work around this case by only using MAX_PATH if it is available, and
a constant otherwise.
