SHA256
1
0
forked from pool/krb5
krb5/krb5-1.10-ksu-access.patch

54 lines
2.4 KiB
Diff
Raw Normal View History

The idea is to not complain about problems in the default ticket file if we
couldn't read it, because the client would be able to tell if it's there or
not, and we're implicitly letting the client tell us where it is. Still needs
work, I think.
Index: krb5-1.11.1/src/clients/ksu/ccache.c
===================================================================
--- krb5-1.11.1.orig/src/clients/ksu/ccache.c
+++ krb5-1.11.1/src/clients/ksu/ccache.c
@@ -77,7 +77,7 @@ krb5_error_code krb5_ccache_copy (contex
cc_def_name = krb5_cc_get_name(context, cc_def);
cc_other_name = krb5_cc_get_name(context, *cc_other);
- if ( ! stat(cc_def_name, &st_temp)){
+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
return retval;
}
Index: krb5-1.11.1/src/clients/ksu/heuristic.c
===================================================================
--- krb5-1.11.1.orig/src/clients/ksu/heuristic.c
+++ krb5-1.11.1/src/clients/ksu/heuristic.c
@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
cc_source_name = krb5_cc_get_name(context, cc);
- if ( ! stat(cc_source_name, &st_temp)){
+ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
retval = find_ticket(context, cc, client, end_server, &temp_found);
if (retval)
@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
cc_source_name = krb5_cc_get_name(context, cc_source);
- if (! stat(cc_source_name, &st_temp)) {
+ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
if (retval)
return retval;
Index: krb5-1.11.1/src/clients/ksu/main.c
===================================================================
--- krb5-1.11.1.orig/src/clients/ksu/main.c
+++ krb5-1.11.1/src/clients/ksu/main.c
@@ -271,7 +271,7 @@ main (argc, argv)
if ( strchr(cc_source_tag, ':')){
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
- if( stat( cc_source_tag_tmp, &st_temp)){
+ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
com_err(prog_name, errno,
_("while looking for credentials file %s"),
cc_source_tag_tmp);