svn rev #24250: trunk/src/util/profile/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Aug 23 18:03:25 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24250
Commit By: ghudson
Log Message:
ticket: 6760
subject: Fail properly when profile can't be accessed

Make profile_init() return EACCESS or EPERM if one of those errors was
encountered when failing to open any of the specified profile files.
This causes krb5_init_os_context() to fail properly when krb5.conf is
unreadable, instead of treating that situation like a nonexistent
krb5.conf.

The library will continue to soldier on if one profile file is
readable and another is not.  This is deliberate as of r14116, whether
or not it's a good idea.



Changed Files:
U   trunk/src/util/profile/prof_init.c
Modified: trunk/src/util/profile/prof_init.c
===================================================================
--- trunk/src/util/profile/prof_init.c	2010-08-21 13:06:36 UTC (rev 24249)
+++ trunk/src/util/profile/prof_init.c	2010-08-23 22:03:25 UTC (rev 24250)
@@ -27,7 +27,7 @@
     const_profile_filespec_t *fs;
     profile_t profile;
     prf_file_t  new_file, last = 0;
-    errcode_t retval = 0;
+    errcode_t retval = 0, access_retval = 0;
 
     profile = malloc(sizeof(struct _profile_t));
     if (!profile)
@@ -43,9 +43,14 @@
         for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
             retval = profile_open_file(*fs, &new_file);
             /* if this file is missing, skip to the next */
-            if (retval == ENOENT || retval == EACCES || retval == EPERM) {
+            if (retval == ENOENT) {
                 continue;
             }
+            /* If we can't read this file, remember it but keep going. */
+            if (retval == EACCES || retval == EPERM) {
+                access_retval = retval;
+                continue;
+            }
             if (retval) {
                 profile_release(profile);
                 return retval;
@@ -58,11 +63,11 @@
         }
         /*
          * If last is still null after the loop, then all the files were
-         * missing, so return the appropriate error.
+         * missing or unreadable, so return the appropriate error.
          */
         if (!last) {
             profile_release(profile);
-            return ENOENT;
+            return access_retval ? access_retval : ENOENT;
         }
     }

More information about the cvs-krb5 mailing list