svn rev #22010: trunk/src/lib/krb5/os/

[ghudson@MIT.EDU]

http://src.mit.edu/fisheye/changelog/krb5/?cs=22010
Commit By: ghudson
Log Message:
In krb5_kuserok, just try opening .k5login; don't check ahead of time
whether it looks accessible.  Also rewrite the construction of the
.k5login filename to use snprintf instead of strnpy/strncat.



Changed Files:
U   trunk/src/lib/krb5/os/kuserok.c
Modified: trunk/src/lib/krb5/os/kuserok.c
===================================================================
--- trunk/src/lib/krb5/os/kuserok.c	2009-02-17 16:11:49 UTC (rev 22009)
+++ trunk/src/lib/krb5/os/kuserok.c	2009-02-17 17:09:35 UTC (rev 22010)
@@ -79,22 +79,24 @@
     char linebuf[BUFSIZ];
     char *newline;
     int gobble;
+    char pwbuf[BUFSIZ];
+    struct passwd pwx;
+    int result;
 
     /* no account => no access */
-    char pwbuf[BUFSIZ];
-    struct passwd pwx;
     if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
 	return(FALSE);
-    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
-    pbuf[sizeof(pbuf) - 1] = '\0';
-    (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
+    result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir);
+    if (SNPRINTF_OVERFLOW(result, sizeof(pbuf)))
+	return(FALSE);
 
-    if (access(pbuf, F_OK)) {	 /* not accessible */
+    fp = fopen(pbuf, "r");
+    if (!fp) {
 	/*
-	 * if he's trying to log in as himself, and there is no .k5login file,
-	 * let him.  To find out, call
+	 * If he's trying to log in as himself, and there is no
+	 * readable .k5login file, let him.  To find out, call
 	 * krb5_aname_to_localname to convert the principal to a name
-	 * which we can string compare. 
+	 * which we can string compare.
 	 */
 	if (!(krb5_aname_to_localname(context, principal,
 				      sizeof(kuser), kuser))