Changeset 580


Ignore:
Timestamp:
Jan 5, 2008, 6:06:59 AM (14 years ago)
Author:
andersk
Message:
Check .k5login owner for security reasons as per the equivalent krb5
code.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/common/oursrc/accountadm/admof.c

    r579 r580  
    1414#include <string.h>
    1515#include <sys/types.h>
     16#include <sys/stat.h>
    1617#include <pwd.h>
     18#include <unistd.h>
    1719#include <netinet/in.h>
    1820#include <afs/vice.h>
     
    9799        if (fp == NULL)
    98100            die("internal error: .k5login: %m\n");
     101        struct stat st;
     102        if (fstat(fileno(fp), &st) != 0)
     103            die("internal error: fstat: %m\n");
     104        if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
     105            fclose(fp);
     106            die("internal error: bad .k5login permissions\n");
     107        }
    99108        bool found = false;
    100109        char *line = NULL;
Note: See TracChangeset for help on using the changeset viewer.